From e0690152b89a9a616cc088002082259997cfac17 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 21 Dec 2023 13:26:18 +0000
Subject: [PATCH] Revert "drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group"

This reverts commit b5ca945612b455ac01c2fc17c6d24bc6cbf1071a which is commit e03781879a0d524ce3126678d50a80484a513c4b upstream. It breaks the Android kernel abi and can be brought back in the future in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: Iecbd6b6537bd4cd2d178d0afbdc7557e521429c5
Signed-off-by: Greg Kroah-Hartman
---
 include/net/genetlink.h | 2 --
 net/core/drop_monitor.c | 4 +---
 net/netlink/genetlink.c | 3 ---
 3 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index 0d42156416eb..6fe3ab5af5c9 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -13,12 +13,10 @@
 * struct genl_multicast_group - generic netlink multicast group
 * @name: name of the multicast group, names are per-family
 * @flags: GENL_* flags (%GENL_ADMIN_PERM or %GENL_UNS_ADMIN_PERM)
- * @cap_sys_admin: whether %CAP_SYS_ADMIN is required for binding
 */
 struct genl_multicast_group {
 char name[GENL_NAMSIZ];
 u8 flags;
- u8 cap_sys_admin:1;
 };
 
 struct genl_ops;
diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
index 8e0a90b45df2..f084a4a6b7ab 100644
--- a/net/core/drop_monitor.c
+++ b/net/core/drop_monitor.c
@@ -181,7 +181,7 @@ out:
 }
 
 static const struct genl_multicast_group dropmon_mcgrps[] = {
- { .name = "events", .cap_sys_admin = 1 },
+ { .name = "events", },
 };
 
 static void send_dm_alert(struct work_struct *work)
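Review bot: The `events` entry in `dropmon_mcgrps` now carries no permission bits at all, and with the `cap_sys_admin` test also removed from `genl_bind()` nothing visible in this patch restricts which processes can join the group and receive drop notifications. The ABI concern in the description applies to the new bit-field in `struct genl_multicast_group`; the existing `flags` member is untouched, so an ABI-neutral stopgap could be `{ .name = "events", .flags = GENL_ADMIN_PERM, },`, provided `genl_bind()` enforces that flag in the part of the function this patch does not show. The same reasoning covers the next hunk of this file: the two `.flags = GENL_ADMIN_PERM,` lines on `NET_DM_CMD_START` and `NET_DM_CMD_STOP` are initialisers in an ops table rather than layout changes, so they look safe to keep. If the revert must stay exact, a comment above the table such as `/* "events" can be joined without CAP_SYS_ADMIN: e03781879a0d reverted for ABI reasons */` would record the gap for whoever brings the check back.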
@@ -1604,13 +1604,11 @@ static const struct genl_small_ops dropmon_ops[] = {
 .cmd = NET_DM_CMD_START,
 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
 .doit = net_dm_cmd_trace,
- .flags = GENL_ADMIN_PERM,
 },
 {
 .cmd = NET_DM_CMD_STOP,
 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
 .doit = net_dm_cmd_trace,
- .flags = GENL_ADMIN_PERM,
 },
 {
 .cmd = NET_DM_CMD_CONFIG_GET,
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 505d3b910cc2..3e16527beb91 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -1438,9 +1438,6 @@ static int genl_bind(struct net *net, int group)
 if ((grp->flags & GENL_UNS_ADMIN_PERM) &&
 !ns_capable(net->user_ns, CAP_NET_ADMIN))
 ret = -EPERM;
- if (grp->cap_sys_admin &&
- !ns_capable(net->user_ns, CAP_SYS_ADMIN))
- ret = -EPERM;
 
 break;
 }