Mike Mohr <[EMAIL PROTECTED]> wrote: (intentionally not snipping much)
> Per the post here: > > http://lkml.org/lkml/2007/6/18/228 > > it appears that the group ownership patch has made it into .23. I am > using these patches, amongst which the kernel component appears to be > identical: > > http://sigxcpu.org/unsorted-patches/0001-allow-tun-ownership-by-group.patch > http://sigxcpu.org/unsorted-patches/tunctl_gid.diff > > I can create devices that are owned by my user account (tunctl -u > `whoami` -t tap0) and it works fine. However, if I use group > permissions with -g it stops working. In all cases, if I pass -g > <group>, the interface is created correctly but it is unusable as a > non-root user. > > So my question is: am I doing something wrong? If I am, I don't see > it. Assuming then that I am not doing anything wrong on my end, I > assume then that there is something missing from the kernel patch I > applied. I read over it and I can't see any issues, especially > considering that tunctl comes back without error (even with -g) and > creates an interface. > > Just wondering if this was an issue that should be looked into-- IMHO the check is broken: + if (((tun->owner != -1 && + current->euid != tun->owner) || + (tun->group != -1 && + current->egid != tun->group)) && + !capable(CAP_NET_ADMIN)) return -EPERM; It should be something like: + if (!((tun->owner == tun->owner) || + (tun->group == tun->group) || + capable(CAP_NET_ADMIN))) return -EPERM; Please verify and forward to the maintainers if my guess appears to be correct. -- Never stand when you can sit, never sit when you can lie down, never stay awake when you can sleep. Friß, Spammer: [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
