authorEric W. Biederman <ebiederm@xmission.com>2015-02-26 17:19:00 -0500
committerDavid S. Miller <davem@davemloft.net>2015-02-28 15:14:44 -0500
commit505ce4154ac86c250aa4a84a536dd9fc56479bb5 (patch)
tree857c9f8d321d1413d001081def142ae648b0f409 /net
parent5688714977ebefa92e6dad8bd94bffaeaadc303d (diff)
net: Verify permission to dest_net in newlink
When applicable, verify that the caller has permission to create a network device in another network namespace. This check is already present when moving a network device between network namespaces in setlink so all that is needed is to duplicate that check in newlink. This change almost backports cleanly, but there are context conflicts as the code that follows was added in v4.0-rc1. Fixes: b51642f6d77b net: Enable a userns root rtnl calls that are safe for unprivilged users Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/core/rtnetlink.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 1385de0fa080..b237959c7497 100644
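--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -2122,6 +2122,10 @@ replay:
 if (IS_ERR(dest_net))
 return PTR_ERR(dest_net);
 
+err = -EPERM;
+if (!netlink_ns_capable(skb, dest_net->user_ns, CAP_NET_ADMIN))
+goto out;
+
 if (tb[IFLA_LINK_NETNSID]) {
 int id = nla_get_s32(tb[IFLA_LINK_NETNSID]);
 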
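Review bot: The added denial path at new lines 2125-2127 exits through `goto out`, while the `IS_ERR(dest_net)` branch just above returns directly, so its correctness depends on the `out:` label, which is outside this hunk. That label should be confirmed to release whatever was acquired for `dest_net` (presumably a namespace reference) and to cope with a link namespace that has not been looked up yet at this point. The check would also benefit from a short comment on why it targets the destination namespace's owner, for example `/* caller needs CAP_NET_ADMIN in the user namespace that owns dest_net, same rule as setlink */`. The enclosing function starts and ends outside the hunk.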