author | Eric W. Biederman <ebiederm@xmission.com> | 2012-11-16 07:03:08 +0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-11-19 05:33:00 +0400 |
commit | cb99050305f0ffed0d0ee0d95f1d6645af4d3237 (patch) | |
tree | e9e215981cf3ad1487c5d5ede58bc34c0f97ddb1 /net/bridge/br_sysfs_if.c | |
parent | df008c91f83583e662ac54aee00004afc3f1894d (diff) | |
net: Allow userns root to control the network bridge code.

Allow an unprivileged user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.

Allow setting bridge parameters via sysfs.

Allow all of the bridge ioctls:
BRCTL_ADD_IF
BRCTL_DEL_IF
BRCTL_SET_BRIDGE_FORWARD_DELAY
BRCTL_SET_BRIDGE_HELLO_TIME
BRCTL_SET_BRIDGE_MAX_AGE
BRCTL_SET_BRIDGE_AGING_TIME
BRCTL_SET_BRIDGE_STP_STATE
BRCTL_SET_BRIDGE_PRIORITY
BRCTL_SET_PORT_PRIORITY
BRCTL_SET_PATH_COST
BRCTL_ADD_BRIDGE
BRCTL_DEL_BRIDGE

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_sysfs_if.c')
-rw-r--r-- | net/bridge/br_sysfs_if.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/bridge/br_sysfs_if.c b/net/bridge/br_sysfs_if.c index 80a4fc5d96ab..7ff95ba21982 100644 --- a/net/bridge/br_sysfs_if.c +++ b/net/bridge/br_sysfs_if.c @@ -221,7 +221,7 @@ static ssize_t brport_store(struct kobject * kobj, char *endp; unsigned long val; - if (!capable(CAP_NET_ADMIN)) + if (!ns_capable(dev_net(p->dev)->user_ns, CAP_NET_ADMIN)) return -EPERM; val = simple_strtoul(buf, &endp, 0); |
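Review bot: In brport_store, the replacement check evaluates dev_net(p->dev)->user_ns before anything in the visible context confirms that p->dev is still set, so the permission test is now the first dereference of the port's device in this function. Please confirm that p->dev cannot be NULL at this point (for example while the port is being removed), or take the namespace pointer under the same protection the rest of the store path relies on. Separately, the change from capable(CAP_NET_ADMIN) to ns_capable(..., CAP_NET_ADMIN) means the value parsed by simple_strtoul(buf, &endp, 0) can now come from root of an unprivileged user namespace rather than only from global root, so it is worth stating in the changelog that every attribute store handler reached from here bounds-checks val and touches only state belonging to the device's own network namespace.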