summaryrefslogtreecommitdiffstats
path: root/drivers/net/tun.c
diff options
context:
space:
mode:
authorMichael Tokarev <mjt@tls.msk.ru>2009-02-02 23:34:56 -0800
committerDavid S. Miller <davem@davemloft.net>2009-02-02 23:34:56 -0800
commit1bded710a574f20d41bc9e7fb531301db282d623 (patch)
tree02153d39ee525edaee35953c663926cb57075757 /drivers/net/tun.c
parent1a5645bc901aea6f3f446888061b2b084bbf1ba6 (diff)
downloadlinux-1bded710a574f20d41bc9e7fb531301db282d623.tar.gz
linux-1bded710a574f20d41bc9e7fb531301db282d623.tar.bz2
linux-1bded710a574f20d41bc9e7fb531301db282d623.zip
tun: Check supplemental groups in TUN/TAP driver.
Michael Tokarev wrote: [] > 2, and this is the main one: How about supplementary groups? > > Here I have a valid usage case: a group of testers running various > versions of windows using KVM (kernel virtual machine), 1 at a time, > to test some software. kvm is set up to use bridge with a tap device > (there should be a way to connect to the machine). Anyone on that group > has to be able to start/stop the virtual machines. > > My first attempt - pretty obvious when I saw -g option of tunctl - is > to add group ownership for the tun device and add a supplementary group > to each user (their primary group should be different). But that fails, > since kernel only checks for egid, not any other group ids. > > What's the reasoning to not allow supplementary groups and to only check > for egid? Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/tun.c')
-rw-r--r--drivers/net/tun.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 457f2d7430cf..15d67635bb10 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -123,7 +123,7 @@ static int tun_attach(struct tun_struct *tun, struct file *file)
/* Check permissions */
if (((tun->owner != -1 && cred->euid != tun->owner) ||
- (tun->group != -1 && cred->egid != tun->group)) &&
+ (tun->group != -1 && !in_egroup_p(tun->group))) &&
!capable(CAP_NET_ADMIN))
return -EPERM;