From 0b28adbd0937000df320259c5eb55b894c84a1f7 Mon Sep 17 00:00:00 2001 From: inspurSDN Date: Tue, 1 Mar 2022 07:05:43 +0000 Subject: [PATCH] [201911] Support vrf mgmt for aaa Consider if the socket is bound to a device when binding. --- patch/Support-aaa-for-mgmt-vrf.patch | 25 +++++++++++++++++++++++++ patch/series | 1 + 2 files changed, 26 insertions(+) create mode 100644 patch/Support-aaa-for-mgmt-vrf.patch diff --git a/patch/Support-aaa-for-mgmt-vrf.patch b/patch/Support-aaa-for-mgmt-vrf.patch new file mode 100644 index 000000000..c6d78929e --- /dev/null +++ b/patch/Support-aaa-for-mgmt-vrf.patch @@ -0,0 +1,25 @@ +From 62228e8a35770a9f7059533acb51846872c03777 Mon Sep 17 00:00:00 2001 +From: inspurSDN +Date: Tue, 1 Mar 2022 14:38:35 +0000 +Subject: [PATCH] Consider if the socket is bound to a device when binding. + +--- + net/core/sock.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/core/sock.c b/net/core/sock.c +index 4d60e7fc..ef504469 100644 +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -534,7 +534,7 @@ static int sock_setbindtodevice(struct sock *sk, char __user *optval, + + /* Sorry... */ + ret = -EPERM; +- if (!ns_capable(net->user_ns, CAP_NET_RAW)) ++ if (sk->sk_bound_dev_if && !ns_capable(net->user_ns, CAP_NET_RAW)) + goto out; + + ret = -EINVAL; +-- +2.17.1 + diff --git a/patch/series b/patch/series index d385a57f9..15ea80feb 100755 --- a/patch/series +++ b/patch/series @@ -132,6 +132,7 @@ driver-ixgbe-external-phy.patch fix_ismt_alignment_issue.patch net-psample-module-unload.patch config-sensor-mp2975.patch +Support-aaa-for-mgmt-vrf.patch # # This series applies on GIT commit 1451b36b2b0d62178e42f648d8a18131af18f7d8 # Tkernel-sched-core-fix-cgroup-fork-race.patch