net: Push capable(CAP_NET_ADMIN) into the rtnl methods
author Eric W. Biederman <ebiederm@xmission.com>
Fri, 16 Nov 2012 03:03:00 +0000 (03:03 +0000)
committer David S. Miller <davem@davemloft.net>
Mon, 19 Nov 2012 01:32:44 +0000 (20:32 -0500)
commit dfc47ef8639facd77210e74be831943c2fdd9c74
tree 5c7e9f93a999bf1d38b216af346ce2159e5f18ec
parent 464dc801c76aa0db88e16e8f5f47c6879858b9b2
net: Push capable(CAP_NET_ADMIN) into the rtnl methods

- In rtnetlink_rcv_msg convert the capable(CAP_NET_ADMIN) check
  to ns_capable(net->user-ns, CAP_NET_ADMIN).  Allowing unprivileged
  users to make netlink calls to modify their local network
  namespace.

- In the rtnetlink doit methods add capable(CAP_NET_ADMIN) so
  that calls that are not safe for unprivileged users are still
  protected.

Later patches will remove the extra capable calls from methods
that are safe for unprivileged users.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 files changed:
net/bridge/br_netlink.c
net/can/gw.c
net/core/fib_rules.c
net/core/neighbour.c
net/core/rtnetlink.c
net/dcb/dcbnl.c
net/decnet/dn_dev.c
net/decnet/dn_fib.c
net/ipv4/devinet.c
net/ipv4/fib_frontend.c
net/ipv6/addrconf.c
net/ipv6/addrlabel.c
net/ipv6/route.c
net/phonet/pn_netlink.c
net/sched/act_api.c
net/sched/cls_api.c
net/sched/sch_api.c
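
The check placement described in the commit message, as an added example that is not part of the commit or the kernel source: a simplified userspace C model of a namespace-relative gate in the dispatcher plus a global check kept in unaudited handlers. Credentials are passed explicitly here, and rcv_msg, doit_unaudited, doit_audited and all fixtures are hypothetical names constructed for illustration.

```c
/* Simplified userspace model of the checks (an assumption), not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define CAP_NET_ADMIN 12
struct user_ns { struct user_ns *parent; unsigned owner; };
struct cred { struct user_ns *user_ns; unsigned euid; unsigned long caps; };
struct net { struct user_ns *user_ns; };
typedef int (*doit_fn)(const struct cred *, const struct net *);

static struct user_ns init_user_ns = { NULL, 0 };
/* Constructed fixtures: uid 1000 created child_ns; ctr_root is root inside it. */
static struct user_ns child_ns = { &init_user_ns, 1000 };
static struct cred host_root = { &init_user_ns, 0, 1UL << CAP_NET_ADMIN };
static struct cred creator = { &init_user_ns, 1000, 0 };
static struct cred ctr_root = { &child_ns, 0, 1UL << CAP_NET_ADMIN };
static struct net init_net = { &init_user_ns }, ctr_net = { &child_ns };

/* Walk up from the target namespace: capabilities held in the caller's own
 * namespace apply there and below; the creator of a child namespace has all. */
static bool ns_capable(const struct cred *c, const struct user_ns *ns, int cap)
{
    for (; ns; ns = ns->parent) {
        if (ns == c->user_ns)
            return (c->caps >> cap) & 1;
        if (ns->parent == c->user_ns && ns->owner == c->euid)
            return true;
    }
    return false;
}

/* capable() asks the same question about the initial user namespace. */
static bool capable(const struct cred *c, int cap) { return ns_capable(c, &init_user_ns, cap); }

/* Handler not yet audited: keeps the global check, as this commit adds. */
static int doit_unaudited(const struct cred *c, const struct net *n) { (void)n; return capable(c, CAP_NET_ADMIN) ? 0 : -EPERM; }
/* Handler judged safe by a later patch: relies on the dispatcher gate alone. */
static int doit_audited(const struct cred *c, const struct net *n) { (void)c; (void)n; return 0; }

/* Dispatcher gate: checked against the user namespace that owns the target netns. */
static int rcv_msg(const struct cred *c, const struct net *n, doit_fn doit)
{
    return ns_capable(c, n->user_ns, CAP_NET_ADMIN) ? doit(c, n) : -EPERM;
}

int main(void)
{
    printf("ctr_root, own netns, unaudited: %d\n", rcv_msg(&ctr_root, &ctr_net, doit_unaudited));
    printf("ctr_root, own netns, audited:   %d\n", rcv_msg(&ctr_root, &ctr_net, doit_audited));
    return 0;
}
```

When reviewing the follow-up patches, the question for each handler is whether dropping its remaining capable() call lets a namespace-local root reach state outside its own network namespace.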