netns: bridge: allow unprivileged users add/delete mdb entry
author Gao feng <gaofeng@cn.fujitsu.com>
Thu, 31 Jan 2013 16:30:59 +0000 (16:30 +0000)
committer David S. Miller <davem@davemloft.net>
Mon, 4 Feb 2013 18:12:16 +0000 (13:12 -0500)
Since the mdb table belongs to the bridge device, and the
bridge device can only be seen in one netns,
it's safe to allow an unprivileged user who is the
creator of the userns and netns to modify the mdb table.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/bridge/br_mdb.c

index acc9f4cc18f77a3598b2190e2f38f3acb8a03e36..38991e03646de3d5bbd142ef2bdebcd3175003e4 100644 (file)
@@ -272,9 +272,6 @@ static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh,
        struct net_device *dev;
        int err;
 
-       if (!capable(CAP_NET_ADMIN))
-               return -EPERM;
-
        err = nlmsg_parse(nlh, sizeof(*bpm), tb, MDBA_SET_ENTRY, NULL);
        if (err < 0)
                return err;
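
Review bot: With the capable(CAP_NET_ADMIN) test removed from the top of br_mdb_parse(), the visible lines go straight to nlmsg_parse() with no permission check at all, while the commit message limits the change to the creator of the userns and netns. Please state in the commit message which caller enforces that namespace-scoped restriction, or replace the removed lines with an ns_capable() check against the netns's user namespace instead of dropping the check outright, so this function does not depend on an unstated precondition. A one-line comment above nlmsg_parse() naming that precondition would also help anyone auditing the add/delete paths later.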