diff options
| author | Gao feng <gaofeng@cn.fujitsu.com> | 2013-01-31 11:30:59 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-02-04 13:12:16 -0500 |
| commit | e4d343ea92bdce831f071d9706b2daf097e6d009 (patch) | |
| tree | fa654ed1f6524703d6c0c4dc541c39278333fd4e /net/bridge | |
| parent | bb12b8b26e197b21e3f28d5401bfee6f86a8d633 (diff) | |
netns: bridge: allow unprivileged users add/delete mdb entry
since the mdb table is belong to bridge device,and the
bridge device can only be seen in one netns.
So it's safe to allow unprivileged user which is the
creator of userns and netns to modify the mdb table.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge')
| -rw-r--r-- | net/bridge/br_mdb.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c index acc9f4cc18f7..38991e03646d 100644 --- a/net/bridge/br_mdb.c +++ b/net/bridge/br_mdb.c | |||
| @@ -272,9 +272,6 @@ static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 272 | struct net_device *dev; | 272 | struct net_device *dev; |
| 273 | int err; | 273 | int err; |
| 274 | 274 | ||
| 275 | if (!capable(CAP_NET_ADMIN)) | ||
| 276 | return -EPERM; | ||
| 277 | |||
| 278 | err = nlmsg_parse(nlh, sizeof(*bpm), tb, MDBA_SET_ENTRY, NULL); | 275 | err = nlmsg_parse(nlh, sizeof(*bpm), tb, MDBA_SET_ENTRY, NULL); |
| 279 | if (err < 0) | 276 | if (err < 0) |
| 280 | return err; | 277 | return err; |