diff options
| author | Stéphane Graber <stgraber@ubuntu.com> | 2014-04-30 11:25:43 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-05-02 17:43:25 -0400 |
| commit | 4e8bbb819d1594a01f91b1de83321f68d3e6e245 (patch) | |
| tree | b4f187161c4530eab963ee8d1e35d42366d2fa1a /net/sched | |
| parent | 3c4de5a0a3e7f8e5af18ed7a2275d189734f897a (diff) | |
net: Allow tc changes in user namespaces
This switches a few remaining capable(CAP_NET_ADMIN) to ns_capable so
that root in a user namespace may set tc rules inside that namespace.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: "David S. Miller" <davem@davemloft.net>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched')
| -rw-r--r-- | net/sched/cls_api.c | 3 | ||||
| -rw-r--r-- | net/sched/sch_api.c | 8 |
2 files changed, 7 insertions, 4 deletions
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index a481bbe118d3..1a4a20267787 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c | |||
| @@ -134,7 +134,8 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n) | |||
| 134 | int err; | 134 | int err; |
| 135 | int tp_created = 0; | 135 | int tp_created = 0; |
| 136 | 136 | ||
| 137 | if ((n->nlmsg_type != RTM_GETTFILTER) && !capable(CAP_NET_ADMIN)) | 137 | if ((n->nlmsg_type != RTM_GETTFILTER) && |
| 138 | !ns_capable(net->user_ns, CAP_NET_ADMIN)) | ||
| 138 | return -EPERM; | 139 | return -EPERM; |
| 139 | 140 | ||
| 140 | replay: | 141 | replay: |
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c index a0b84e0e22de..86f8edfd6b8a 100644 --- a/net/sched/sch_api.c +++ b/net/sched/sch_api.c | |||
| @@ -1084,7 +1084,8 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n) | |||
| 1084 | struct Qdisc *p = NULL; | 1084 | struct Qdisc *p = NULL; |
| 1085 | int err; | 1085 | int err; |
| 1086 | 1086 | ||
| 1087 | if ((n->nlmsg_type != RTM_GETQDISC) && !capable(CAP_NET_ADMIN)) | 1087 | if ((n->nlmsg_type != RTM_GETQDISC) && |
| 1088 | !ns_capable(net->user_ns, CAP_NET_ADMIN)) | ||
| 1088 | return -EPERM; | 1089 | return -EPERM; |
| 1089 | 1090 | ||
| 1090 | err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL); | 1091 | err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL); |
| @@ -1151,7 +1152,7 @@ static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n) | |||
| 1151 | struct Qdisc *q, *p; | 1152 | struct Qdisc *q, *p; |
| 1152 | int err; | 1153 | int err; |
| 1153 | 1154 | ||
| 1154 | if (!capable(CAP_NET_ADMIN)) | 1155 | if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) |
| 1155 | return -EPERM; | 1156 | return -EPERM; |
| 1156 | 1157 | ||
| 1157 | replay: | 1158 | replay: |
| @@ -1490,7 +1491,8 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n) | |||
| 1490 | u32 qid; | 1491 | u32 qid; |
| 1491 | int err; | 1492 | int err; |
| 1492 | 1493 | ||
| 1493 | if ((n->nlmsg_type != RTM_GETTCLASS) && !capable(CAP_NET_ADMIN)) | 1494 | if ((n->nlmsg_type != RTM_GETTCLASS) && |
| 1495 | !ns_capable(net->user_ns, CAP_NET_ADMIN)) | ||
| 1494 | return -EPERM; | 1496 | return -EPERM; |
| 1495 | 1497 | ||
| 1496 | err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL); | 1498 | err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL); |