net: check kern before calling security subsystem

Before calling capable(CAP_NET_RAW) check if this operations is on behalf
of the kernel or on behalf of userspace.  Do not do the security check if
it is on behalf of the kernel.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 365ae161d702b8f6174df8e5ceaf04c825d7a760..ff0233df62467afdbaba6c1725ef54e621ae7481 100644 (file)
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -832,7 +832,7 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
                        sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
                return -ESOCKTNOSUPPORT;
 
-       if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
+       if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
                return -EPERM;
 
        sock->ops = &l2cap_sock_ops;

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 5c7e42c02afbf187ce8be0d842bca3eda629c677..7d12c6a9b19b14d4534e01821e71741e6c5099f0 100644 (file)
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -326,7 +326,7 @@ lookup_protocol:
        }
 
        err = -EPERM;
-       if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
+       if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
                goto out_rcu_unlock;
 
        err = -EAFNOSUPPORT;

diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 45ed5e05ab329017d10aefbf26ba326886e5ccc1..12e69d364dd56a1d7542ce73cf04268a52f667d7 100644 (file)
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -159,7 +159,7 @@ lookup_protocol:
        }
 
        err = -EPERM;
-       if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
+       if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
                goto out_rcu_unlock;
 
        sock->ops = answer->ops;