On Mon, Dec 11, 2023 at 02:42:57PM +0200, Ido Schimmel wrote:
> Restrict two generic netlink multicast groups - in the "psample" and
> "NET_DM" families - to be root-only with the appropriate capabilities.
>
> Patch #1 is a dependency of patch #2 which is needed by the actual fixes
> in patches #3 and #4.
>
> Florian Westphal (1):
>   netlink: don't call ->netlink_bind with table lock held
>
> Ido Schimmel (3):
>   genetlink: add CAP_NET_ADMIN test for multicast bind
>   psample: Require 'CAP_NET_ADMIN' when joining "packets" group
>   drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
>
>  include/net/genetlink.h  |  3 +++
>  net/core/drop_monitor.c  |  4 +++-
>  net/netlink/af_netlink.c |  4 ++--
>  net/netlink/genetlink.c  | 35 +++++++++++++++++++++++++++++++++++
>  net/psample/psample.c    |  3 ++-
>  5 files changed, 45 insertions(+), 4 deletions(-)
>
> --
> 2.40.1
>
>

All backports now queued up, thanks!

greg k-h