dfc47ef863
- In rtnetlink_rcv_msg convert the capable(CAP_NET_ADMIN) check to ns_capable(net->user-ns, CAP_NET_ADMIN). Allowing unprivileged users to make netlink calls to modify their local network namespace. - In the rtnetlink doit methods add capable(CAP_NET_ADMIN) so that calls that are not safe for unprivileged users are still protected. Later patches will remove the extra capable calls from methods that are safe for unprivilged users. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| act_api.c | ||
| act_csum.c | ||
| act_gact.c | ||
| act_ipt.c | ||
| act_mirred.c | ||
| act_nat.c | ||
| act_pedit.c | ||
| act_police.c | ||
| act_simple.c | ||
| act_skbedit.c | ||
| cls_api.c | ||
| cls_basic.c | ||
| cls_cgroup.c | ||
| cls_flow.c | ||
| cls_fw.c | ||
| cls_route.c | ||
| cls_rsvp.c | ||
| cls_rsvp.h | ||
| cls_rsvp6.c | ||
| cls_tcindex.c | ||
| cls_u32.c | ||
| em_canid.c | ||
| em_cmp.c | ||
| em_ipset.c | ||
| em_meta.c | ||
| em_nbyte.c | ||
| em_text.c | ||
| em_u32.c | ||
| ematch.c | ||
| sch_api.c | ||
| sch_atm.c | ||
| sch_blackhole.c | ||
| sch_cbq.c | ||
| sch_choke.c | ||
| sch_codel.c | ||
| sch_drr.c | ||
| sch_dsmark.c | ||
| sch_fifo.c | ||
| sch_fq_codel.c | ||
| sch_generic.c | ||
| sch_gred.c | ||
| sch_hfsc.c | ||
| sch_htb.c | ||
| sch_ingress.c | ||
| sch_mq.c | ||
| sch_mqprio.c | ||
| sch_multiq.c | ||
| sch_netem.c | ||
| sch_plug.c | ||
| sch_prio.c | ||
| sch_qfq.c | ||
| sch_red.c | ||
| sch_sfb.c | ||
| sch_sfq.c | ||
| sch_tbf.c | ||
| sch_teql.c | ||