author | Serge E. Hallyn <serge.hallyn@canonical.com> | 2011-07-26 18:58:31 +0000 |
---|---|---|
committer | Eric W. Biederman <ebiederm@aristanetworks.com> | 2011-08-11 10:07:52 -0500 |
commit | b2ccbc8080d69fcf847f6fd1ec6369ea2995ec9f (patch) | |
tree | 1d860888124b32a45d14dfeda282c50f6cf279b2 | |
parent | 47767ff968cef285316b010f172dfb009d510b26 (diff) | |
download | linux-user-ns-devel-b2ccbc8080d69fcf847f6fd1ec6369ea2995ec9f.tar.gz |
af_netlink.c: make netlink_capable userns-aware
netlink_capable should check for permissions against the user
namespace owning the socket in question.
Changelog:
Per Eric Dumazet's advice, use sock_net(sk) instead of #ifdef.
Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
-rw-r--r-- | net/netlink/af_netlink.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 0a4db0211da084..3cc0bbe2a10472 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -580,8 +580,9 @@ retry: static inline int netlink_capable(struct socket *sock, unsigned int flag) { - return (nl_table[sock->sk->sk_protocol].nl_nonroot & flag) || - capable(CAP_NET_ADMIN); + if (nl_table[sock->sk->sk_protocol].nl_nonroot & flag) + return 1; + return ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN); } static void |
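Review bot: The new return in netlink_capable() checks CAP_NET_ADMIN against sock_net(sock->sk)->user_ns, which is the user namespace attached to the socket's network namespace, while the commit message describes it as "the user namespace owning the socket". A one-line comment above the ns_capable() call saying which namespace is meant, and why, would remove that ambiguity. Since this helper gates every protocol indexed in nl_table, the relaxed check applies to all of them at once: a caller that holds CAP_NET_ADMIN only relative to that namespace now passes where capable(CAP_NET_ADMIN) used to demand it in the initial namespace. The changelog should state that callers of netlink_capable() were audited for this, or the patch should keep capable() for any family whose handlers are not yet namespace-aware. Style point: the split into an early "return 1" for the nl_nonroot case reads well, and the unchanged int return type is fine.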