aboutsummaryrefslogtreecommitdiffstats
path: root/net/8021q
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2012-11-15 22:03:09 -0500
committerDavid S. Miller <davem@davemloft.net>2012-11-18 20:33:00 -0500
commit276996fda0f33bd5e5e028c426f852ecd119372b (patch)
treef26b522e2ad3775b31b1ecc45c50a4ac9120988a /net/8021q
parentcb99050305f0ffed0d0ee0d95f1d6645af4d3237 (diff)
net: Allow the userns root to control vlans.
Allow an unpriviled user who has created a user namespace, and then created a network namespace to effectively use the new network namespace, by reducing capable(CAP_NET_ADMIN) and capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns, CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls. Allow the vlan ioctls: SET_VLAN_INGRESS_PRIORITY_CMD SET_VLAN_EGRESS_PRIORITY_CMD SET_VLAN_FLAG_CMD SET_VLAN_NAME_TYPE_CMD ADD_VLAN_CMD DEL_VLAN_CMD Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/8021q')
-rw-r--r--net/8021q/vlan.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 30ee4bc0f7c..afba51e6031 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -529,7 +529,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
529 switch (args.cmd) { 529 switch (args.cmd) {
530 case SET_VLAN_INGRESS_PRIORITY_CMD: 530 case SET_VLAN_INGRESS_PRIORITY_CMD:
531 err = -EPERM; 531 err = -EPERM;
532 if (!capable(CAP_NET_ADMIN)) 532 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
533 break; 533 break;
534 vlan_dev_set_ingress_priority(dev, 534 vlan_dev_set_ingress_priority(dev,
535 args.u.skb_priority, 535 args.u.skb_priority,
@@ -539,7 +539,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
539 539
540 case SET_VLAN_EGRESS_PRIORITY_CMD: 540 case SET_VLAN_EGRESS_PRIORITY_CMD:
541 err = -EPERM; 541 err = -EPERM;
542 if (!capable(CAP_NET_ADMIN)) 542 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
543 break; 543 break;
544 err = vlan_dev_set_egress_priority(dev, 544 err = vlan_dev_set_egress_priority(dev,
545 args.u.skb_priority, 545 args.u.skb_priority,
@@ -548,7 +548,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
548 548
549 case SET_VLAN_FLAG_CMD: 549 case SET_VLAN_FLAG_CMD:
550 err = -EPERM; 550 err = -EPERM;
551 if (!capable(CAP_NET_ADMIN)) 551 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
552 break; 552 break;
553 err = vlan_dev_change_flags(dev, 553 err = vlan_dev_change_flags(dev,
554 args.vlan_qos ? args.u.flag : 0, 554 args.vlan_qos ? args.u.flag : 0,
@@ -557,7 +557,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
557 557
558 case SET_VLAN_NAME_TYPE_CMD: 558 case SET_VLAN_NAME_TYPE_CMD:
559 err = -EPERM; 559 err = -EPERM;
560 if (!capable(CAP_NET_ADMIN)) 560 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
561 break; 561 break;
562 if ((args.u.name_type >= 0) && 562 if ((args.u.name_type >= 0) &&
563 (args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) { 563 (args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) {
@@ -573,14 +573,14 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
573 573
574 case ADD_VLAN_CMD: 574 case ADD_VLAN_CMD:
575 err = -EPERM; 575 err = -EPERM;
576 if (!capable(CAP_NET_ADMIN)) 576 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
577 break; 577 break;
578 err = register_vlan_device(dev, args.u.VID); 578 err = register_vlan_device(dev, args.u.VID);
579 break; 579 break;
580 580
581 case DEL_VLAN_CMD: 581 case DEL_VLAN_CMD:
582 err = -EPERM; 582 err = -EPERM;
583 if (!capable(CAP_NET_ADMIN)) 583 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
584 break; 584 break;
585 unregister_vlan_dev(dev, NULL); 585 unregister_vlan_dev(dev, NULL);
586 err = 0; 586 err = 0;
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-12 00:06:29 -0500