user_ns: target af_key capability check

This presumes that it really is complete wrt network namespaces. Looking at the code it appears to be. Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Cc: Eric W. Biederman <ebiederm@xmission.com>
author: Serge E. Hallyn <serge.hallyn@canonical.com> 2011-07-26 18:58:35 +0000
committer: Eric W. Biederman <ebiederm@aristanetworks.com> 2011-08-11 10:07:52 -0500
commit: 3e886e06460cdbbc7a9877e42ac2383b78cd23d8 (patch)
tree: e9a64094f00cc1aef7320afa7f9a47150d4966f1
parent: bba0e29815037647f1eba880ffaedf3546df4548 (diff)
download: linux-user-ns-devel-3e886e06460cdbbc7a9877e42ac2383b78cd23d8.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 1e733e9073d00..1f90f4e20b185 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -141,7 +141,7 @@ static int pfkey_create(struct net *net, struct socket *sock, int protocol,
 	struct sock *sk;
 	int err;
 
-	if (!capable(CAP_NET_ADMIN))
+	if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
 		return -EPERM;
 	if (sock->type != SOCK_RAW)
 		return -ESOCKTNOSUPPORT;
author	Serge E. Hallyn <serge.hallyn@canonical.com>	2011-07-26 18:58:35 +0000
committer	Eric W. Biederman <ebiederm@aristanetworks.com>	2011-08-11 10:07:52 -0500
commit	3e886e06460cdbbc7a9877e42ac2383b78cd23d8 (patch)
tree	e9a64094f00cc1aef7320afa7f9a47150d4966f1
parent	bba0e29815037647f1eba880ffaedf3546df4548 (diff)
download	linux-user-ns-devel-3e886e06460cdbbc7a9877e42ac2383b78cd23d8.tar.gz