X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=qemu-bridge-helper.c;h=6a0974eb4881a6d441e44713bd8c7072a845be7c;hb=0478f37ce258438d74164dd182b0ae125f174ec6;hp=01eeb38c58a10103b1b727568b0895347de26f35;hpb=bdef79a2994d6f0383e07e9597675711662b3031;p=qemu.git

diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
index 01eeb38c5..6a0974eb4 100644
--- a/qemu-bridge-helper.c
+++ b/qemu-bridge-helper.c
@@ -35,10 +35,18 @@
 
 #include <linux/sockios.h>
 
-#include "qemu-queue.h"
+#ifndef SIOCBRADDIF
+#include <linux/if_bridge.h>
+#endif
+
+#include "qemu/queue.h"
 
 #include "net/tap-linux.h"
 
+#ifdef CONFIG_LIBCAP
+#include <cap-ng.h>
+#endif
+
 #define DEFAULT_ACL_FILE CONFIG_QEMU_CONFDIR "/bridge.conf"
 
 enum {
@@ -193,9 +201,34 @@ static int send_fd(int c, int fd)
     return sendmsg(c, &msg, 0);
 }
 
+#ifdef CONFIG_LIBCAP
+static int drop_privileges(void)
+{
+    /* clear all capabilities */
+    capng_clear(CAPNG_SELECT_BOTH);
+
+    if (capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
+                     CAP_NET_ADMIN) < 0) {
+        return -1;
+    }
+
+    /* change to calling user's real uid and gid, retaining supplemental
+     * groups and CAP_NET_ADMIN */
+    if (capng_change_id(getuid(), getgid(), CAPNG_CLEAR_BOUNDING)) {
+        return -1;
+    }
+
+    return 0;
+}
+#endif
+
 int main(int argc, char **argv)
 {
     struct ifreq ifr;
+#ifndef SIOCBRADDIF
+    unsigned long ifargs[4];
+#endif
+    int ifindex;
     int fd, ctlfd, unixfd = -1;
     int use_vnet = 0;
     int mtu;
@@ -207,6 +240,17 @@ int main(int argc, char **argv)
     int access_allowed, access_denied;
     int ret = EXIT_SUCCESS;
 
+#ifdef CONFIG_LIBCAP
+    /* if we're run from an suid binary, immediately drop privileges preserving
+     * cap_net_admin */
+    if (geteuid() == 0 && getuid() != geteuid()) {
+        if (drop_privileges() == -1) {
+            fprintf(stderr, "failed to drop privileges\n");
+            return 1;
+        }
+    }
+#endif
+
     /* parse arguments */
     for (index = 1; index < argc; index++) {
         if (strcmp(argv[index], "--use-vnet") == 0) {
@@ -323,11 +367,39 @@ int main(int argc, char **argv)
         goto cleanup;
     }
 
+    /* Linux uses the lowest enslaved MAC address as the MAC address of
+     * the bridge.  Set MAC address to a high value so that it doesn't
+     * affect the MAC address of the bridge.
+     */
+    if (ioctl(ctlfd, SIOCGIFHWADDR, &ifr) < 0) {
+        fprintf(stderr, "failed to get MAC address of device `%s': %s\n",
+                iface, strerror(errno));
+        ret = EXIT_FAILURE;
+        goto cleanup;
+    }
+    ifr.ifr_hwaddr.sa_data[0] = 0xFE;
+    if (ioctl(ctlfd, SIOCSIFHWADDR, &ifr) < 0) {
+        fprintf(stderr, "failed to set MAC address of device `%s': %s\n",
+                iface, strerror(errno));
+        ret = EXIT_FAILURE;
+        goto cleanup;
+    }
+
     /* add the interface to the bridge */
     prep_ifreq(&ifr, bridge);
-    ifr.ifr_ifindex = if_nametoindex(iface);
-
-    if (ioctl(ctlfd, SIOCBRADDIF, &ifr) == -1) {
+    ifindex = if_nametoindex(iface);
+#ifndef SIOCBRADDIF
+    ifargs[0] = BRCTL_ADD_IF;
+    ifargs[1] = ifindex;
+    ifargs[2] = 0;
+    ifargs[3] = 0;
+    ifr.ifr_data = (void *)ifargs;
+    ret = ioctl(ctlfd, SIOCDEVPRIVATE, &ifr);
+#else
+    ifr.ifr_ifindex = ifindex;
+    ret = ioctl(ctlfd, SIOCBRADDIF, &ifr);
+#endif
+    if (ret == -1) {
         fprintf(stderr, "failed to add interface `%s' to bridge `%s': %s\n",
                 iface, bridge, strerror(errno));
         ret = EXIT_FAILURE;