On Thu, May 09, 2019 at 02:54:08PM +0800, Hangbin Liu wrote:
> Miroslav pointed that with NET_ADMIN enabled in container, a normal user
> could be mapped to root and is able to change the real device's rx
> filter via ioctl on macvlan, which would affect the other ptp process on
> host. Fix it by disabling SIOCSHWTSTAMP in container.
>
> Fixes: 254c0a2bfedb ("macvlan: pass get_ts_info and SIOC[SG]HWTSTAMP ioctl to
> real device")
> Signed-off-by: Hangbin Liu <liuhang...@gmail.com>
Acked-by: Richard Cochran <richardcoch...@gmail.com>
