
[NET]: Allow group ownership of TUN/TAP devices.

Introduce a new syscall TUNSETGROUP for group ownership setting of tap
devices. The user now is allowed to send packets if either his euid or
his egid matches the one specified via tunctl (via -u or -g
respectively). If both gid and uid are set via tunctl, both have to
match.

Signed-off-by: Guido Guenther <agx@sigxcpu.org>
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Guido Guenther and committed by
David S. Miller
8c644623 0ba48053

+15 -2
+13 -2
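--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -432,6 +432,7 @@
 init_waitqueue_head(&tun->read_wait);
 
 tun->owner = -1;
+tun->group = -1;
 
 SET_MODULE_OWNER(dev);
 dev->open = tun_net_open;
@@ -467,8 +468,11 @@
 return -EBUSY;
 
 /* Check permissions */
-if (tun->owner != -1 &&
-current->euid != tun->owner && !capable(CAP_NET_ADMIN))
+if (((tun->owner != -1 &&
+current->euid != tun->owner) ||
+(tun->group != -1 &&
+current->egid != tun->group)) &&
+!capable(CAP_NET_ADMIN))
 return -EPERM;
 }
 else if (__dev_get_by_name(ifr->ifr_name))
@@ -608,6 +612,13 @@
 tun->owner = (uid_t) arg;
 
 DBG(KERN_INFO "%s: owner set to %d\n", tun->dev->name, tun->owner);
+break;
+
+case TUNSETGROUP:
+/* Set group of the device */
+tun->group= (gid_t) arg;
+
+DBG(KERN_INFO "%s: group set to %d\n", tun->dev->name, tun->group);
 break;
 
 case TUNSETLINK: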
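Review bot: The group clause of the permission check compares only `current->egid` with `tun->group`, so a caller that belongs to the device's group through a supplementary group is refused unless it holds CAP_NET_ADMIN. That fails closed, but it likely forces group users to switch their primary group or go through a setgid helper; if group membership is what is intended, the clause could read `(tun->group != -1 && !in_egroup_p(tun->group))`. The `TUNSETGROUP` case stores `(gid_t) arg` with no range or privilege check visible in this hunk, the same as `TUNSETOWNER`, so who may change the group depends on code outside the hunk and deserves a one-line comment there. Both the permission check's function and the ioctl switch continue outside the hunks shown.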
+2
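--- a/include/linux/if_tun.h
+++ b/include/linux/if_tun.h
@@ -36,6 +36,7 @@
 unsigned long flags;
 int attached;
 uid_t owner;
+gid_t group;
 
 wait_queue_head_t read_wait;
 struct sk_buff_head readq;
@@ -78,6 +79,7 @@
 #define TUNSETPERSIST _IOW('T', 203, int)
 #define TUNSETOWNER _IOW('T', 204, int)
 #define TUNSETLINK _IOW('T', 205, int)
+#define TUNSETGROUP _IOW('T', 206, int)
 
 /* TUNSETIFF ifr flags */
 #define IFF_TUN 0x0001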
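Review bot: The new `group` field and the `TUNSETGROUP` define carry no comment stating their contract, which a reader can only recover from tun.c. There, -1 means no group check is applied, and the ioctl argument is the gid passed by value even though `_IOW('T', 206, int)` reads as a pointer to an int. I would add `/* -1 = no group check */` on the field and `/* arg: gid_t passed by value */` on the define. The struct and the ioctl list both continue outside the hunks shown.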