diff options
author | Serge E. Hallyn <serge.hallyn@canonical.com> | 2011-07-26 18:58:35 +0000 |
---|---|---|
committer | Eric W. Biederman <ebiederm@aristanetworks.com> | 2011-08-11 10:07:52 -0500 |
commit | 3e886e06460cdbbc7a9877e42ac2383b78cd23d8 (patch) | |
tree | e9a64094f00cc1aef7320afa7f9a47150d4966f1 | |
parent | bba0e29815037647f1eba880ffaedf3546df4548 (diff) | |
download | linux-user-ns-devel-3e886e06460cdbbc7a9877e42ac2383b78cd23d8.tar.gz |
user_ns: target af_key capability check
This presumes that it really is complete wrt network namespaces. Looking
at the code it appears to be.
Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
-rw-r--r-- | net/key/af_key.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c index 1e733e9073d00..1f90f4e20b185 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -141,7 +141,7 @@ static int pfkey_create(struct net *net, struct socket *sock, int protocol, struct sock *sk; int err; - if (!capable(CAP_NET_ADMIN)) + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) return -EPERM; if (sock->type != SOCK_RAW) return -ESOCKTNOSUPPORT; |