xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

net: Enable a userns root rtnl calls that are safe for unprivilged users

Browse Source 
- Only allow moving network devices to network namespaces you have
  CAP_NET_ADMIN privileges over.

- Enable creating/deleting/modifying interfaces
- Enable adding/deleting addresses
- Enable adding/setting/deleting neighbour entries
- Enable adding/removing routes
- Enable adding/removing fib rules
- Enable setting the forwarding state
- Enable adding/removing ipv6 address labels
- Enable setting bridge parameter

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Eric W. Biederman
2012-11-16 03:03:11 +00:00
committed by David S. Miller
parent c027aab4a6
commit b51642f6d7
9 changed files with 4 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
net/ipv4/fib_frontend.c
View File

@@ -613,9 +613,6 @@ static int inet_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh, void *ar
struct fib_table *tb;
int err;
if (!capable(CAP_NET_ADMIN))
return -EPERM;
err = rtm_to_fib_config(net, skb, nlh, &cfg);
if (err < 0)
goto errout;
@@ -638,9 +635,6 @@ static int inet_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh, void *ar
struct fib_table *tb;
int err;
if (!capable(CAP_NET_ADMIN))
return -EPERM;
err = rtm_to_fib_config(net, skb, nlh, &cfg);
if (err < 0)
goto errout;