From 1c9a8746efcb753d34c0a0470cc5846af6f71bd5 Mon Sep 17 00:00:00 2001 From: Laine Stump Date: Fri, 17 Mar 2017 17:33:42 -0400 Subject: [PATCH] util: use AF_UNIX family (not AF_PACKET) for ioctl sockets The exact family of the socket created for the fd used by ioctl(7) doesn't matter, it just needs to be a socket and not a file. But for some reason when macvtap support was added, it used AF_PACKET/SOCK_DGRAM sockets for its ioctls; we later used the same AF_PACKET/SOCK_DGRAM socket for new ioctls we added, and eventually modified the other pre-existing ioctl sockets (for creating/deleting bridges) to also use AF_PACKET/SOCK_DGRAM (that code originally used AF_UNIX/SOCK_STREAM). The problem with using AF_PACKET (intended for sending/receiving "raw" packets, i.e. packets that can be some protocol other than TCP or UDP) is that it requires root privileges. This meant that none of the ioctls in virnetdev.c or virnetdevip.c would work when running libvirtd unprivileged. This packet solves that problem by changing the family to AF_UNIX when creating the socket used for any ioctl(). --- src/util/virnetdev.c | 5 +---- src/util/virnetdevip.c | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index 91a5274aa5..acc6c2ea7e 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -41,7 +41,7 @@ #ifdef __linux__ # include # include -# define VIR_NETDEV_FAMILY AF_PACKET +# define VIR_NETDEV_FAMILY AF_UNIX #elif defined(HAVE_STRUCT_IFREQ) && defined(AF_LOCAL) # define VIR_NETDEV_FAMILY AF_LOCAL #else @@ -2589,9 +2589,6 @@ virNetDevGetFeatures(const char *ifname, return 0; } - /* Ultimately uses AF_PACKET for socket which requires privileged - * daemon support. - */ if ((fd = virNetDevSetupControl(ifname, &ifr)) < 0) goto cleanup; diff --git a/src/util/virnetdevip.c b/src/util/virnetdevip.c index a4d3824279..c9ac6baf73 100644 --- a/src/util/virnetdevip.c +++ b/src/util/virnetdevip.c 
@@ -44,7 +44,7 @@ #ifdef __linux__ # include # include -# define VIR_NETDEV_FAMILY AF_PACKET +# define VIR_NETDEV_FAMILY AF_UNIX #elif defined(HAVE_STRUCT_IFREQ) && defined(AF_LOCAL) # define VIR_NETDEV_FAMILY AF_LOCAL #else -- 2.47.2
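Review bot: In the src/util/virnetdev.c hunk at -41,7, the new `# define VIR_NETDEV_FAMILY AF_UNIX` has no comment saying why this family was chosen. The reasoning (the family does not matter to the ioctl, and AF_PACKET needs root) lives only in the commit message, so a one-line comment above the define would keep a later change from switching it back. The Linux branch also now differs from the `AF_LOCAL` branch below it only in its includes, since AF_LOCAL and AF_UNIX are the same value on Linux; consider whether the two branches can share one define.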
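Review bot: In the virNetDevGetFeatures hunk (src/util/virnetdev.c, -2589,9), the deleted comment sat directly after a block ending in `return 0; }` whose condition is outside the visible context. If that early return exists to skip the ioctls when the daemon is unprivileged, the removed comment was its justification, and the check should be dropped or re-justified in this same patch. If it guards something else, say so in the commit message. Creating the socket without privilege also does not guarantee that each ioctl issued on the fd will be permitted, so the code after `virNetDevSetupControl(ifname, &ifr)` still needs to handle permission errors from the ioctl itself.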
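Review bot: The src/util/virnetdevip.c hunk at -44,7 repeats the exact `VIR_NETDEV_FAMILY` block changed in virnetdev.c, so this patch has to edit two copies of one define. Moving the macro into a header that both files include would leave a single place to change and rule out the two files disagreeing on the socket family.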