Page MenuHomeFreeBSD
Differential D36691

if_me: Use dedicated network privilege
ClosedPublic
Actions

Authored by zlei on Sep 25 2022, 4:42 AM.
Tags
Referenced Files
F96323149: D36691.diff
Tue, Sep 24, 2:36 PM
Unknown Object (File)
Wed, Sep 18, 1:35 AM
Unknown Object (File)
Tue, Sep 17, 11:54 PM
Unknown Object (File)
Sun, Sep 15, 10:31 PM
Unknown Object (File)
Sun, Sep 15, 10:14 PM
Unknown Object (File)
Sun, Sep 15, 2:00 PM
Unknown Object (File)
Sun, Sep 15, 4:57 AM
Unknown Object (File)
Sun, Sep 15, 4:57 AM
View All 46 Files
Subscribers
glebius
imp
kp
melifaro

Details

Reviewers
ae
Group Reviewers
network
Commits
rG92de6be41ef4: if_me: Use dedicated network privilege
rG310f6f2448ed: if_me: Use dedicated network privilege
rG43f8c763cdee: if_me: Use dedicated network privilege
Test Plan

Create a vnet jail, setup and config me(4) interface should succeed.

root@:~ # kldload if_me
root@:~ # jail -c path=/ name=test vnet persist 
root@:~ # jexec test sysctl net.fibs=2
net.fibs: 1 -> 2
root@:~ # jexec test ifconfig me create
me0
root@:~ # jexec test ifconfig me0 fib 1

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

zlei created this revision.Sep 25 2022, 4:42 AM
Herald added subscribers: glebius, melifaro, imp. · View Herald TranscriptSep 25 2022, 4:42 AM
zlei requested review of this revision.Sep 25 2022, 4:42 AM
zlei added inline comments.Oct 9 2022, 1:12 AM
sys/sys/priv.h
352

Conflict with PRIV_NET_WG introduced by ongoing D36909.

kp added a subscriber: kp.Oct 13 2022, 8:36 AM

What problem does this fix? In other words, what is the motivation for this change?

Is there a use case for separating the GRE and ME privs? It's conceptually cleaner, but it could (theoretically at least, I doubt anyone actually does this) break existing configurations that rely on granting PRIV_NET_GRE to administer me interfaces.

zlei added a comment.Oct 13 2022, 2:53 PM
In D36691#839695, @kp wrote:

What problem does this fix? In other words, what is the motivation for this change?

No known problems.
When I was trying to resolve https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266712, I dug into the privileges design. I checked multiple tunnel interface implementations and found that if_me shares network privilege with if_gre. Intuitively this would confuse consumer. Fortunately there is no other consumers in base system.

Is there a use case for separating the GRE and ME privs? It's conceptually cleaner, but it could (theoretically at least, I doubt anyone actually does this) break existing configurations that rely on granting PRIV_NET_GRE to administer me interfaces.

There is no other consumers (of PRIV_NET_GRE) in base system, except for if_gre and if_me. I have not checked ports yet but it should be easy to fix ( in ports ).

It's conceptually cleaner

Yes +1.

This revision was not accepted when it landed; it landed in state Needs Review.Oct 15 2022, 3:23 PM
Closed by commit rG43f8c763cdee: if_me: Use dedicated network privilege (authored by zlei, committed by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG43f8c763cdee: if_me: Use dedicated network privilege.
zlei added a commit: rG310f6f2448ed: if_me: Use dedicated network privilege.Jan 11 2023, 10:40 AM
zlei added a commit: rG92de6be41ef4: if_me: Use dedicated network privilege.Jan 13 2023, 4:33 AM

Revision Contents
Changeset List

PathSize
sys/
kern/
1 line
net/
2 lines
sys/
1 line

Diff 110934

View Options

sys/kern/kern_jail.c

Loading...
View Options

sys/net/if_me.c

Loading...
View Options

sys/sys/priv.h

Loading...