The branch stable/12 has been updated by zlei:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=92de6be41ef4c05f403e2f29abad06ddd20f307c

commit 92de6be41ef4c05f403e2f29abad06ddd20f307c
Author:     Zhenlei Huang <zlei.hu...@gmail.com>
AuthorDate: 2022-10-15 15:05:36 +0000
Commit:     Zhenlei Huang <z...@freebsd.org>
CommitDate: 2023-01-13 04:30:21 +0000

    if_me: Use dedicated network privilege
    
    Separate if_me privileges from if_gif.
    
    Reviewed by:    kp
    Approved by:    kp (mentor)
    Differential Revision:  https://reviews.freebsd.org/D36691
    
    (cherry picked from commit 43f8c763cdeea29f95b6f0eebce3ad80dd210c7a)
    (cherry picked from commit 310f6f2448ed5baf0d74fba7660468df84dce184)
---
 sys/kern/kern_jail.c | 1 +
 sys/net/if_me.c      | 2 +-
 sys/sys/priv.h       | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index c9c220c3b56d..fd29ca424848 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3145,6 +3145,7 @@ prison_priv_check(struct ucred *cred, int priv)
        case PRIV_NET_GIF:
        case PRIV_NET_SETIFVNET:
        case PRIV_NET_SETIFFIB:
+       case PRIV_NET_ME:
 
                /*
                 * 802.11-related privileges.
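Review bot: Adding `case PRIV_NET_ME:` to prison_priv_check() exposes the me(4) privilege to jailed credentials under whatever condition this case group applies, and that condition is not visible because the switch body starts and ends outside the hunk. It is worth confirming that the group is the one restricted to jails with their own network stack, since this privilege now guards SIOCSTUNFIB in sys/net/if_me.c. As a smaller style point, the label is appended after `PRIV_NET_SETIFFIB` rather than next to `PRIV_NET_GIF`; keeping the tunnel privileges adjacent would make the allow list easier to audit.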
diff --git a/sys/net/if_me.c b/sys/net/if_me.c
index 7bfe73c05344..319196c6b089 100644
--- a/sys/net/if_me.c
+++ b/sys/net/if_me.c
@@ -322,7 +322,7 @@ me_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
                ifr->ifr_fib = sc->me_fibnum;
                break;
        case SIOCSTUNFIB:
-               if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
+               if ((error = priv_check(curthread, PRIV_NET_ME)) != 0)
                        break;
                if (ifr->ifr_fib >= rt_numfibs)
                        error = EINVAL;
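Review bot: The check replaced at `case SIOCSTUNFIB:` was `PRIV_NET_GRE`, so on this branch the privilege being split off is the GRE one. Any policy that granted or denied me(4) administration by matching `PRIV_NET_GRE` would presumably stop covering this ioctl once the change lands on a stable branch. That behaviour change deserves a release-note line, or at least a short comment above the check such as `/* me(4) has its own privilege, distinct from gre(4) and gif(4). */`. Only this one case of me_ioctl() is visible, so whether the other configuration ioctls carry a privilege check cannot be judged from the hunk.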
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index 948a6c28bb69..0a75944e29e8 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -346,6 +346,7 @@
 #define        PRIV_NET_VXLAN          420     /* Administer vxlan. */
 #define        PRIV_NET_SETLANPCP      421     /* Set LAN priority. */
 #define        PRIV_NET_SETVLANPCP     PRIV_NET_SETLANPCP /* Alias Set VLAN 
priority */
+#define        PRIV_NET_ME             423     /* Administer ME interface. */
 
 /*
  * 802.11-related privileges.
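Review bot: `PRIV_NET_ME` is assigned 423 while the last numbered definition visible above it is 421, so 422 is left unassigned here with no explanation. If the gap is deliberate (presumably to keep the value identical to other branches), a one-line comment such as `/* 422 is intentionally unused on this branch. */` would stop the number being reused for an unrelated privilege. Privilege numbers are compared by value in jail and policy code, so a later collision would silently grant or deny the wrong operation.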
