From: Hangbin Liu <liuhang...@gmail.com>
Date: Thu, 9 May 2019 14:54:08 +0800
> Miroslav pointed that with NET_ADMIN enabled in container, a normal user
> could be mapped to root and is able to change the real device's rx
> filter via ioctl on macvlan, which would affect the other ptp process on
> host. Fix it by disabling SIOCSHWTSTAMP in container.
>
> Fixes: 254c0a2bfedb ("macvlan: pass get_ts_info and SIOC[SG]HWTSTAMP ioctl to
> real device")
> Signed-off-by: Hangbin Liu <liuhang...@gmail.com>
Applied and queued up for -stable.
