diff options
author | Stéphane Graber <stgraber@ubuntu.com> | 2014-04-30 19:25:43 +0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-05-03 01:43:25 +0400 |
commit | 4e8bbb819d1594a01f91b1de83321f68d3e6e245 (patch) | |
tree | b4f187161c4530eab963ee8d1e35d42366d2fa1a /net/sched/cls_api.c | |
parent | 3c4de5a0a3e7f8e5af18ed7a2275d189734f897a (diff) | |
download | linux-4e8bbb819d1594a01f91b1de83321f68d3e6e245.tar.xz |
net: Allow tc changes in user namespaces
This switches a few remaining capable(CAP_NET_ADMIN) to ns_capable so
that root in a user namespace may set tc rules inside that namespace.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: "David S. Miller" <davem@davemloft.net>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched/cls_api.c')
-rw-r--r-- | net/sched/cls_api.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index a481bbe118d3..1a4a20267787 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c @@ -134,7 +134,8 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n) int err; int tp_created = 0; - if ((n->nlmsg_type != RTM_GETTFILTER) && !capable(CAP_NET_ADMIN)) + if ((n->nlmsg_type != RTM_GETTFILTER) && + !ns_capable(net->user_ns, CAP_NET_ADMIN)) return -EPERM; replay: |