[PATCH 5/9] net-sysfs: require net admin in the init ns for setting tx_maxrate

Tyler Hicks tyhicks at canonical.com
Mon Jul 30 22:51:12 UTC 2018


BugLink: https://launchpad.net/bugs/1784501

An upcoming change will allow container root to open some /sys/class/net
files for writing. The tx_maxrate attribute can result in changes
to actual hardware devices so err on the side of caution by requiring
CAP_NET_ADMIN in the init namespace in the corresponding attribute store
operation.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit 3033fced2f689d4a870b3ba6a8a676db1261d262 linux-next)
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 net/core/net-sysfs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index bb7e80f4ced3..87bb881459b6 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -1070,6 +1070,9 @@ static ssize_t tx_maxrate_store(struct netdev_queue *queue,
 	int err, index = get_netdev_queue_index(queue);
 	u32 rate = 0;
 
+	if (!capable(CAP_NET_ADMIN))
+		return -EPERM;
+
 	err = kstrtou32(buf, 10, &rate);
 	if (err < 0)
 		return err;
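Review bot: the added `if (!capable(CAP_NET_ADMIN))` at the top of tx_maxrate_store() has no comment explaining why it uses capable(), which tests the capability in the init user namespace, rather than a namespace-aware check. The commit message gives the reason (the attribute can change actual hardware, and container root will soon be able to open these files for writing), but that reasoning is not visible in the source, so a later cleanup could relax it to ns_capable() without noticing the intent. Consider a one-line comment above the check, for example `/* tx_maxrate can affect real hardware: require CAP_NET_ADMIN in the init ns */`. Placing the check before the kstrtou32() parse is right, since an unprivileged writer then gets -EPERM regardless of what it wrote.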
-- 
2.7.4




