aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/ipv4/ip_sockglue.c3
-rw-r--r--net/ipv6/ipv6_sockglue.c3
2 files changed, 6 insertions, 0 deletions
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index fc7c481d0d79..ff4bd067b397 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -848,6 +848,9 @@ mc_msf_out:
848 848
849 case IP_IPSEC_POLICY: 849 case IP_IPSEC_POLICY:
850 case IP_XFRM_POLICY: 850 case IP_XFRM_POLICY:
851 err = -EPERM;
852 if (!capable(CAP_NET_ADMIN))
853 break;
851 err = xfrm_user_policy(sk, optname, optval, optlen); 854 err = xfrm_user_policy(sk, optname, optval, optlen);
852 break; 855 break;
853 856
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index f3ef4c38d315..3bc144a79fa5 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -504,6 +504,9 @@ done:
504 break; 504 break;
505 case IPV6_IPSEC_POLICY: 505 case IPV6_IPSEC_POLICY:
506 case IPV6_XFRM_POLICY: 506 case IPV6_XFRM_POLICY:
507 retv = -EPERM;
508 if (!capable(CAP_NET_ADMIN))
509 break;
507 retv = xfrm_user_policy(sk, optname, optval, optlen); 510 retv = xfrm_user_policy(sk, optname, optval, optlen);
508 break; 511 break;
509 512