Re: [PATCH net v5 5/7] net: ip6_gre: require CAP_NET_ADMIN in the device netns for changelink

Next message: Kuniyuki Iwashima: "Re: [PATCH net v5 4/7] net: ip6_tunnel: require CAP_NET_ADMIN in the device netns for changelink"
Previous message: Gao Xiang: "Re: don't merge bios over iomap boundaries, was: Re: [PATCH] erofs: prevent buffered read bio merges across device chunks"
In reply to: Maoyi Xie: "[PATCH net v5 5/7] net: ip6_gre: require CAP_NET_ADMIN in the device netns for changelink"
Next in thread: Maoyi Xie: "[PATCH net v5 6/7] net: ip6_vti: require CAP_NET_ADMIN in the device netns for changelink"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kuniyuki Iwashima

Date: Fri Jun 12 2026 - 02:56:11 EST

On Wed, Jun 10, 2026 at 11:28 PM Maoyi Xie <maoyixie.tju@xxxxxxxxx> wrote:
>
> ip6gre_changelink() and ip6erspan_changelink() operate on at most two
> netns, dev_net(dev) and the tunnel link netns t->net. They differ once
> the device is created in or moved to a netns other than the one the
> request runs in. The rtnl changelink path checks CAP_NET_ADMIN only
> against dev_net(dev), so a caller privileged there but not in t->net can
> rewrite a tunnel that lives in t->net.
>
> Gate both ops on rtnl_dev_link_net_capable() at their top, before any
> attribute is parsed.
>
> Reported-by: Xiao Liang <shaw.leon@xxxxxxxxx>
> Closes: https://lore.kernel.org/netdev/CABAhCOSzP1vaThGV35_VnsRCb=87_CPjPVsTHbq905k8A+BuUg@xxxxxxxxxxxxxx/
> Fixes: 690afc165bb3 ("net: ip6_gre: fix moving ip6gre between namespaces")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Maoyi Xie <maoyixie.tju@xxxxxxxxx>

Reviewed-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>