linux/net/core
Daniel Borkmann e020836d95 dev_ioctl: remove dev_load() CAP_SYS_MODULE message
Marcel reported to see the following message when autoloading
is being triggered when adding nlmon device:

  Loading kernel module for a network device with
  CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias
  netdev-nlmon instead.

This false-positive happens despite with having correct
capabilities set, e.g. through issuing `ip link del dev nlmon`
more than once on a valid device with name nlmon, but Marcel
has also seen it on creation time when no nlmon module is
previously compiled-in or loaded as module and the device
name equals a link type name (e.g. nlmon, vxlan, team).

Stephen says:

  The netdev module alias is a hold over from the past. For
  normal devices, people used to create a alias eth0 to and
  point it to the type of network device used, that was back
  in the bad old ISA days before real discovery.

  Also, the tunnels create module alias for the control device
  and ip used to use this to autoload the tunnel device.

  The message is bogus and should just be removed, I also see
  it in a couple of other cases where tap devices are renamed
  for other usese.

As mentioned in 8909c9ad8f ("net: don't allow CAP_NET_ADMIN
to load non-netdev kernel modules"), we nevertheless still
might want to leave the old autoloading behaviour in place
as it could break old scripts, so for now, lets just remove
the log message as Stephen suggests.

Reference: http://thread.gmane.org/gmane.linux.kernel/1105168
Reported-by: Marcel Holtmann <marcel@holtmann.org>
Suggested-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-09-05 12:04:40 -07:00
..
datagram.c net: Fix save software checksum complete 2014-06-15 01:00:49 -07:00
dev_addr_lists.c net: Add support for device specific address syncing 2014-06-02 10:40:54 -07:00
dev_ioctl.c dev_ioctl: remove dev_load() CAP_SYS_MODULE message 2014-09-05 12:04:40 -07:00
dev.c qdisc: validate frames going through the direct_xmit path 2014-09-03 20:41:42 -07:00
drop_monitor.c drop_monitor: remove unnecessary break after return 2014-07-15 16:27:00 -07:00
dst.c ipv4: fix dst race in sk_dst_get() 2014-06-25 17:41:44 -07:00
ethtool.c ethtool: Check that reserved fields of struct ethtool_rxfh are 0 2014-06-03 02:43:16 +01:00
fib_rules.c net: fix 'ip rule' iif/oif device rename 2014-02-09 19:02:52 -08:00
filter.c net: bpf: make eBPF interpreter images read-only 2014-09-05 12:02:48 -07:00
flow_dissector.c net: make skb an optional parameter for__skb_flow_dissect() 2014-08-25 17:21:26 -07:00
flow.c CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
gen_estimator.c net_sched: add 64bit rate estimators 2013-06-11 02:51:03 -07:00
gen_stats.c net_sched: add 64bit rate estimators 2013-06-11 02:51:03 -07:00
iovec.c net: sendmsg: fix NULL pointer dereference 2014-07-29 12:20:22 -07:00
link_watch.c arch: Mass conversion of smp_mb__*() 2014-04-18 14:20:48 +02:00
Makefile net: Add a software TSO helper API 2014-05-22 14:57:15 -04:00
neighbour.c neighbour : fix ndm_type type error issue 2014-07-28 17:52:17 -07:00
net_namespace.c namespaces: Use task_lock and not rcu to protect nsproxy 2014-07-29 18:08:50 -07:00
net-procfs.c rps: selective flow shedding during softnet overflow 2013-05-20 13:48:04 -07:00
net-sysfs.c net: do not name the pointer to struct net_device net 2014-07-24 23:33:55 -07:00
net-sysfs.h net: netdev_kobject_init: annotate with __init 2014-01-05 20:27:54 -05:00
net-traces.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
netclassid_cgroup.c cgroup: rename cgroup_subsys->base_cftypes to ->legacy_cftypes 2014-07-15 11:05:09 -04:00
netevent.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
netpoll.c net: Pass a "more" indication down into netdev_start_xmit() code paths. 2014-09-01 17:39:55 -07:00
netprio_cgroup.c cgroup: rename cgroup_subsys->base_cftypes to ->legacy_cftypes 2014-07-15 11:05:09 -04:00
pktgen.c pktgen: add flag NO_TIMESTAMP to disable timestamping 2014-09-01 18:06:59 -07:00
ptp_classifier.c net: filter: split 'struct sk_filter' into socket and bpf parts 2014-08-02 15:03:58 -07:00
request_sock.c inet: reduce TLB pressure for listeners 2014-06-25 16:37:24 -07:00
rtnetlink.c rtnl/do_setlink(): notify when a netdev is modified 2014-09-02 12:57:04 -07:00
scm.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2013-09-07 14:35:32 -07:00
secure_seq.c net: use ktime_get_ns() and ktime_get_real_ns() helpers 2014-08-22 19:57:23 -07:00
skbuff.c sock: deduplicate errqueue dequeue 2014-09-01 21:49:08 -07:00
sock_diag.c net: filter: split 'struct sk_filter' into socket and bpf parts 2014-08-02 15:03:58 -07:00
sock.c sock: deduplicate errqueue dequeue 2014-09-01 21:49:08 -07:00
stream.c net: replace macros net_random and net_srandom with direct calls to prandom 2014-01-14 15:15:25 -08:00
sysctl_net_core.c rps: NUMA flow limit allocations 2013-12-19 19:00:07 -05:00
timestamping.c net: Simplify ptp class checks 2014-07-07 16:57:09 -07:00
tso.c net: tso: Export symbols for modular build 2014-05-30 15:52:03 -07:00
user_dma.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
utils.c net: avoid dependency of net_get_random_once on nop patching 2014-05-14 00:37:34 -04:00