Use virNetDevSetupControl instead of open coding using socket(AF_LOCAL...)
and clearing virIfreq.
By using virNetDevSetupControl, the socket is then opened using
AF_PACKET which requires being privileged (effectively root) in
order to complete successfully. Since that's now a requirement,
then the ioctl(SIOCETHTOOL) should not fail with EPERM, thus it
is removed from the filtered listed of failure codes.
Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
src/util/virnetdev.c | 24 +++++++++---------------
1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index 0bc1a6f..ade9afa 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -3151,24 +3151,19 @@ static int
virNetDevSendEthtoolIoctl(const char *ifname, void *cmd)
{
int ret = -1;
- int sock = -1;
- virIfreq ifr;
+ int fd = -1;
+ struct ifreq ifr;
- sock = socket(AF_LOCAL, SOCK_DGRAM, 0);
- if (sock < 0) {
- virReportSystemError(errno, "%s", _("Cannot open control socket"));
- goto cleanup;
- }
+ /* Ultimately uses AF_PACKET for socket which requires privileged
+ * daemon support.
+ */
+ if ((fd = virNetDevSetupControl(ifname, &ifr)) < 0)
+ return ret;
- memset(&ifr, 0, sizeof(ifr));
- strcpy(ifr.ifr_name, ifname);
ifr.ifr_data = cmd;
- ret = ioctl(sock, SIOCETHTOOL, &ifr);
+ ret = ioctl(fd, SIOCETHTOOL, &ifr);
if (ret != 0) {
switch (errno) {
- case EPERM: /* attempt to call SIOCETHTOOL from unprivileged code */
- VIR_DEBUG("ethtool ioctl: permission denied");
- break;
case EINVAL: /* kernel doesn't support SIOCETHTOOL */
VIR_DEBUG("ethtool ioctl: invalid request");
break;
@@ -3182,8 +3177,7 @@ virNetDevSendEthtoolIoctl(const char *ifname, void *cmd)
}
cleanup:
- if (sock)
- VIR_FORCE_CLOSE(sock);
+ VIR_FORCE_CLOSE(fd);
return ret;
}
--
2.1.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list