net: psp: require admin permission for dev-set and key-rotate

The dev-set and key-rotate netlink operations modify shared device state (PSP version configuration and cryptographic key material, respectively) but do not require CAP_NET_ADMIN. The only access control is psp_dev_check_access() which merely verifies netns membership. Fixes: 00c94ca2b99e ("psp: base PSP device support") Reviewed-by: Daniel Zahka <daniel.zahka@gmail.com> Reviewed-by: Willem de Bruijn <willemb@google.com> Link: https://patch.msgid.link/20260427195856.401223-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Jakub Kicinski <kuba@kernel.org> 2026-04-27 12:58:56 -0700
committer: Jakub Kicinski <kuba@kernel.org> 2026-04-28 17:44:20 -0700
commit: b718342a7fbaa2dff5fefc31988c07af8c6cbc21 (patch)
tree: 5a9912a82d45107ae363a3f9f603db8b3882865b /Documentation
parent: b89769f936a8fa9e66de72ddc1b71a9745a488e6 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/Documentation/netlink/specs/psp.yaml b/Documentation/netlink/specs/psp.yaml
index 100c36cda8e5..bfcd6e4ecb85 100644
--- a/Documentation/netlink/specs/psp.yaml
+++ b/Documentation/netlink/specs/psp.yaml
@@ -188,6 +188,7 @@ operations:
       name: dev-set
       doc: Set the configuration of a PSP device.
       attribute-set: dev
+      flags: [admin-perm]
       do:
         request:
           attributes:
@@ -207,6 +208,7 @@ operations:
       name: key-rotate
       doc: Rotate the device key.
       attribute-set: dev
+      flags: [admin-perm]
       do:
         request:
           attributes:
author	Jakub Kicinski <kuba@kernel.org>	2026-04-27 12:58:56 -0700
committer	Jakub Kicinski <kuba@kernel.org>	2026-04-28 17:44:20 -0700
commit	b718342a7fbaa2dff5fefc31988c07af8c6cbc21 (patch)
tree	5a9912a82d45107ae363a3f9f603db8b3882865b /Documentation
parent	b89769f936a8fa9e66de72ddc1b71a9745a488e6 (diff)