netdev.vger.kernel.org archive mirror
From: "Maciej Żenczykowski" <zenczykowski@gmail.com>
To: "Maciej Żenczykowski" <maze@google.com>
Cc: netdev@vger.kernel.org, "Maciej Żenczykowski" <maze@google.com>
Subject: [PATCH] net: add sysctl allow_so_priority for SO_PRIORITY setsockopt
Date: Fri, 21 Oct 2011 15:22:05 -0700
Message-ID: <1319235725-3046-1-git-send-email-zenczykowski@gmail.com>

From: Maciej Żenczykowski <maze@google.com>

This change adds a sysctl (/proc/sys/net/core/allow_so_priority)
with a default of true (1), as such it does not change the default
behaviour of the Linux kernel.

This sysctl can be set to false (0), this will result in non
CAP_NET_ADMIN processes being unable to set SO_PRIORITY socket
option.

This is desirable if we want to rely on socket/skb priorities
being inferred from TOS/TCLASS bits.

Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
 include/net/sock.h         |    2 ++
 net/core/sock.c            |    5 ++++-
 net/core/sysctl_net_core.c |    7 +++++++
 3 files changed, 13 insertions(+), 1 deletions(-)

diff --git a/include/net/sock.h b/include/net/sock.h
index 5ac682f..bf18a6a 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1853,6 +1853,8 @@ extern __u32 sysctl_rmem_max;
 
 extern void sk_init(void);
 
+extern int sysctl_allow_so_priority;
+
 extern int sysctl_optmem_max;
 
 extern __u32 sysctl_wmem_default;
diff --git a/net/core/sock.c b/net/core/sock.c
index 5a08762..383fd89 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -217,6 +217,8 @@ __u32 sysctl_rmem_max __read_mostly = SK_RMEM_MAX;
 __u32 sysctl_wmem_default __read_mostly = SK_WMEM_MAX;
 __u32 sysctl_rmem_default __read_mostly = SK_RMEM_MAX;
 
+int sysctl_allow_so_priority __read_mostly = 1;
+
 /* Maximal space eaten by iovec or ancillary data plus some space */
 int sysctl_optmem_max __read_mostly = sizeof(unsigned long)*(2*UIO_MAXIOV+512);
 EXPORT_SYMBOL(sysctl_optmem_max);
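Review bot: sysctl_allow_so_priority is defined here as one global int with no comment, so the restriction it controls is system-wide and a reader of sock.c has to find the sysctl table to learn what 0 and 1 mean. A one-line comment above the definition stating that 0 limits SO_PRIORITY to CAP_NET_ADMIN callers would help, and the changelog should say that the setting is not per network namespace if that is intended.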
@@ -612,7 +614,8 @@ set_rcvbuf:
 		break;
 
 	case SO_PRIORITY:
-		if ((val >= 0 && val <= 6) || capable(CAP_NET_ADMIN))
+		if ((val >= 0 && val <= 6 && sysctl_allow_so_priority)
+		    || capable(CAP_NET_ADMIN))
 			sk->sk_priority = val;
 		else
 			ret = -EPERM;
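Review bot: In the SO_PRIORITY case, once allow_so_priority is 0 an unprivileged setsockopt() returns -EPERM even for values 0..6, so existing programs that set a priority and treat a failed setsockopt() as fatal will start failing when the administrator flips the knob. If the goal is only to keep sk_priority derived from TOS/TCLASS, consider whether ignoring the request and returning success is the better policy, and state the chosen behaviour in the changelog either way. Style: kernel convention puts the `||` at the end of the first line of the condition rather than at the start of the continuation line.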
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 77a65f0..91fdaac 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -183,6 +183,13 @@ static struct ctl_table net_core_table[] = {
 		.mode		= 0644,
 		.proc_handler	= proc_dointvec
 	},
+	{
+		.procname	= "allow_so_priority",
+		.data		= &sysctl_allow_so_priority,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec
+	},
 	{ }
 };
 
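Review bot: The new allow_so_priority entry uses proc_dointvec, so any integer can be written although the changelog describes a true/false switch; proc_dointvec_minmax with .extra1 and .extra2 bounding it to 0 and 1 would reject meaningless values. The diffstat also shows only three files touched, so the new knob has no entry in the sysctl documentation; please add one describing the default and the effect of 0.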
-- 
1.7.3.1

Thread overview: 7+ messages
2011-10-21 22:22 Maciej Żenczykowski [this message]
2011-10-22  4:04 ` [PATCH] net: add sysctl allow_so_priority for SO_PRIORITY setsockopt David Miller
2011-10-22  6:49   ` Maciej Żenczykowski
2011-10-22  6:58     ` David Miller
2011-10-22  8:27       ` Maciej Żenczykowski
2011-10-22  8:40         ` David Miller
2011-10-22  9:01         ` David Täht
