xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

net: Enable a userns root rtnl calls that are safe for unprivilged users

Browse Source 
- Only allow moving network devices to network namespaces you have
  CAP_NET_ADMIN privileges over.

- Enable creating/deleting/modifying interfaces
- Enable adding/deleting addresses
- Enable adding/setting/deleting neighbour entries
- Enable adding/removing routes
- Enable adding/removing fib rules
- Enable setting the forwarding state
- Enable adding/removing ipv6 address labels
- Enable setting bridge parameter

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Eric W. Biederman
2012-11-16 03:03:11 +00:00
committed by David S. Miller
parent c027aab4a6
commit b51642f6d7
9 changed files with 4 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
net/bridge/br_netlink.c
View File

@@ -240,9 +240,6 @@ int br_setlink(struct net_device *dev, struct nlmsghdr *nlh)
struct nlattr *tb[IFLA_BRPORT_MAX];
int err;
if (!capable(CAP_NET_ADMIN))
return -EPERM;
ifm = nlmsg_data(nlh);
protinfo = nlmsg_find_attr(nlh, sizeof(*ifm), IFLA_PROTINFO);