Commit a70c7b3
tun: revert fix group permission check
This reverts commit 3ca459e.
The blamed commit caused a regression when neither tun->owner nor
tun->group is set. This is intended to be allowed, but now requires
CAP_NET_ADMIN.
Discussion in the referenced thread pointed out that the original
issue that prompted this patch can be resolved in userspace.
The relaxed access control may also make a device accessible when it
previously wasn't, while existing users may depend on it to not be.
This is a clean pure git revert, except for fixing the indentation on
the gid_valid line that checkpatch correctly flagged.
Fixes: 3ca459e ("tun: fix group permission check")
Link: https://lore.kernel.org/netdev/CAFqZXNtkCBT4f+PwyVRmQGoT3p1eVa01fCG_aNtpt6dakXncUg@mail.gmail.com/
Signed-off-by: Willem de Bruijn <[email protected]>
Cc: Ondrej Mosnacek <[email protected]>
Cc: Stas Sergeev <[email protected]>
Link: https://patch.msgid.link/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>1 parent 02b71dc commit a70c7b3
1 file changed
+5
-9
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
574 | 574 | | |
575 | 575 | | |
576 | 576 | | |
577 | | - | |
| 577 | + | |
578 | 578 | | |
579 | 579 | | |
580 | 580 | | |
581 | 581 | | |
582 | | - | |
583 | | - | |
584 | | - | |
585 | | - | |
586 | | - | |
587 | | - | |
588 | | - | |
| 582 | + | |
| 583 | + | |
| 584 | + | |
589 | 585 | | |
590 | 586 | | |
591 | 587 | | |
| |||
2782 | 2778 | | |
2783 | 2779 | | |
2784 | 2780 | | |
2785 | | - | |
| 2781 | + | |
2786 | 2782 | | |
2787 | 2783 | | |
2788 | 2784 | | |
| |||
0 commit comments