On Wed, Apr 17, 2019 at 08:31:57PM -0700, Richard Cochran wrote:
> On Wed, Apr 17, 2019 at 08:59:58PM +0200, Jiri Benc wrote:
> > The problem here is this patch gives access to physical interface
> > settings through a virtual interface layered on top of it. Whenever
> > such a thing is done, the virtual interface needs to provide a suitable
> > way of moderating access to the shared resources, so the individual
> > virtual interfaces do not affect each other. That's not what's being
> > done here.
>
> So I guess the macvlan should reject SIOCSHWTSTAMP but allow
> SIOCGHWTSTAMP.
FWIW, my suggestion was to limit what the SIOCSHWTSTAMP ioctl can do on
the virtual interface. It could only enable HW timestamping or select a
more general filter. A container could run a PTP clock if it also had
access to the PHC device, or it could have the NET_ADMIN capability for
other reasons, but it couldn't disable HW timestamping enabled by the
host or other container.

If I understand it correctly, even without this ioctl a container can
prevent the host or other containers from getting some of the HW
timestamps by requesting TX timestamps at a high rate. I suspect the
timestamping would need to be restricted to the real interface to fully
protect it from applications having access to the virtual interfaces.

-- 
Miroslav Lichvar
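The rule sketched above ("only enable HW timestamping or select a more general filter") can be written down as a pure check over the two hwtstamp_config values. The following is an added example, not code from the macvlan patch, the kernel, or anyone in the thread. The enum values are copied from the Linux UAPI header <linux/net_tstamp.h> so the file builds without kernel headers; the "packet class" bitmask that defines which filters are more general than which is an assumption of this example, chosen so that a filter covers another only if it timestamps every packet the other one would.

```c
/* Added example: a userspace model of the moderation policy suggested in the
 * reply above. Not kernel code. Constant values mirror <linux/net_tstamp.h>. */
#include <stdio.h>

/* hwtstamp_tx_types (UAPI values) */
enum { TX_OFF = 0, TX_ON = 1, TX_ONESTEP_SYNC = 2 };

/* hwtstamp_rx_filters (UAPI values); F_SOME is report-only, never requestable */
enum {
    F_NONE = 0, F_ALL = 1, F_SOME = 2,
    F_PTP_V1_L4_EVENT = 3, F_PTP_V1_L4_SYNC = 4, F_PTP_V1_L4_DELAY_REQ = 5,
    F_PTP_V2_L4_EVENT = 6, F_PTP_V2_L4_SYNC = 7, F_PTP_V2_L4_DELAY_REQ = 8,
    F_PTP_V2_L2_EVENT = 9, F_PTP_V2_L2_SYNC = 10, F_PTP_V2_L2_DELAY_REQ = 11,
    F_PTP_V2_EVENT = 12, F_PTP_V2_SYNC = 13, F_PTP_V2_DELAY_REQ = 14,
    F_NTP_ALL = 15
};

struct hwts_cfg { int tx_type; int rx_filter; };

/* Packet classes a filter may capture (hypothetical model for this example). */
enum {
    C_V1_L4_SYNC = 1 << 0, C_V1_L4_DREQ = 1 << 1,
    C_V2_L4_SYNC = 1 << 2, C_V2_L4_DREQ = 1 << 3,
    C_V2_L2_SYNC = 1 << 4, C_V2_L2_DREQ = 1 << 5,
    C_NTP        = 1 << 6, C_OTHER      = 1 << 7,
    C_EVERYTHING = 0xff
};

/* Map an rx_filter to the set of packet classes it timestamps.
 * Returns -1 for values that are not valid as a request. */
static int filter_classes(int f)
{
    switch (f) {
    case F_NONE:                return 0;
    case F_ALL:                 return C_EVERYTHING;
    case F_PTP_V1_L4_SYNC:      return C_V1_L4_SYNC;
    case F_PTP_V1_L4_DELAY_REQ: return C_V1_L4_DREQ;
    case F_PTP_V1_L4_EVENT:     return C_V1_L4_SYNC | C_V1_L4_DREQ;
    case F_PTP_V2_L4_SYNC:      return C_V2_L4_SYNC;
    case F_PTP_V2_L4_DELAY_REQ: return C_V2_L4_DREQ;
    case F_PTP_V2_L4_EVENT:     return C_V2_L4_SYNC | C_V2_L4_DREQ;
    case F_PTP_V2_L2_SYNC:      return C_V2_L2_SYNC;
    case F_PTP_V2_L2_DELAY_REQ: return C_V2_L2_DREQ;
    case F_PTP_V2_L2_EVENT:     return C_V2_L2_SYNC | C_V2_L2_DREQ;
    case F_PTP_V2_SYNC:         return C_V2_L4_SYNC | C_V2_L2_SYNC;
    case F_PTP_V2_DELAY_REQ:    return C_V2_L4_DREQ | C_V2_L2_DREQ;
    case F_PTP_V2_EVENT:        return C_V2_L4_SYNC | C_V2_L4_DREQ |
                                       C_V2_L2_SYNC | C_V2_L2_DREQ;
    case F_NTP_ALL:             return C_NTP;
    default:                    return -1;
    }
}

/* Policy: a SIOCSHWTSTAMP request coming through a virtual interface is
 * allowed only if it never removes timestamps the shared configuration
 * already produces. TX may go from off to on but not back; the RX filter
 * may stay the same or become more general. Returns 1 if allowed, 0 if not. */
int hwts_request_allowed(const struct hwts_cfg *cur, const struct hwts_cfg *req)
{
    int cur_c, req_c;

    if (req->tx_type != TX_OFF && req->tx_type != TX_ON &&
        req->tx_type != TX_ONESTEP_SYNC)
        return 0;                       /* unknown TX mode */
    if (req->tx_type != cur->tx_type && cur->tx_type != TX_OFF)
        return 0;                       /* would disable or alter TX stamping in use */

    req_c = filter_classes(req->rx_filter);
    if (req_c < 0)
        return 0;                       /* not a requestable RX filter */
    cur_c = filter_classes(cur->rx_filter);
    if (cur_c < 0)
        cur_c = C_EVERYTHING;           /* driver reports SOME: only ALL is safe */

    /* every class the current filter captures must still be captured */
    return (cur_c & ~req_c) == 0;
}

int main(void)
{
    struct hwts_cfg host = { TX_ON, F_PTP_V2_L4_EVENT };
    struct hwts_cfg wider = { TX_ON, F_PTP_V2_EVENT };
    struct hwts_cfg off = { TX_OFF, F_NONE };

    printf("widen L4 -> L2+L4 event filter: %s\n",
           hwts_request_allowed(&host, &wider) ? "allowed" : "rejected");
    printf("turn timestamping off:          %s\n",
           hwts_request_allowed(&host, &off) ? "allowed" : "rejected");
    return 0;
}
```

The check is deliberately one-directional: a container can widen what the NIC stamps but never narrow it, which is what keeps the host's PTP clock working when a container issues the ioctl. It does not address the second point in the mail, TX timestamp requests at a high rate exhausting the shared timestamp slots; that is a rate or budget problem on the real interface, not something a filter comparison can express.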