aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--crypto/crypto_user.c2
-rw-r--r--drivers/connector/cn_proc.c2
-rw-r--r--drivers/scsi/scsi_netlink.c2
-rw-r--r--kernel/audit.c4
-rw-r--r--net/can/gw.c4
-rw-r--r--net/core/rtnetlink.c20
-rw-r--r--net/dcb/dcbnl.c2
-rw-r--r--net/decnet/dn_dev.c4
-rw-r--r--net/decnet/dn_fib.c4
-rw-r--r--net/decnet/netfilter/dn_rtmsg.c2
-rw-r--r--net/netfilter/nfnetlink.c2
-rw-r--r--net/netlink/genetlink.c2
-rw-r--r--net/packet/diag.c2
-rw-r--r--net/phonet/pn_netlink.c8
-rw-r--r--net/sched/act_api.c2
-rw-r--r--net/sched/cls_api.c2
-rw-r--r--net/sched/sch_api.c6
-rw-r--r--net/tipc/netlink.c2
-rw-r--r--net/xfrm/xfrm_user.c2
19 files changed, 38 insertions, 36 deletions
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 1512e41cd93d..43665d0d0905 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -466,7 +466,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
466 type -= CRYPTO_MSG_BASE; 466 type -= CRYPTO_MSG_BASE;
467 link = &crypto_dispatch[type]; 467 link = &crypto_dispatch[type];
468 468
469 if (!capable(CAP_NET_ADMIN)) 469 if (!netlink_capable(skb, CAP_NET_ADMIN))
470 return -EPERM; 470 return -EPERM;
471 471
472 if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) && 472 if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
index 148d707a1d43..ccdd4c7e748b 100644
--- a/drivers/connector/cn_proc.c
+++ b/drivers/connector/cn_proc.c
@@ -369,7 +369,7 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg,
369 return; 369 return;
370 370
371 /* Can only change if privileged. */ 371 /* Can only change if privileged. */
372 if (!capable(CAP_NET_ADMIN)) { 372 if (!__netlink_ns_capable(nsp, &init_user_ns, CAP_NET_ADMIN)) {
373 err = EPERM; 373 err = EPERM;
374 goto out; 374 goto out;
375 } 375 }
diff --git a/drivers/scsi/scsi_netlink.c b/drivers/scsi/scsi_netlink.c
index fe30ea94ffe6..109802f776ed 100644
--- a/drivers/scsi/scsi_netlink.c
+++ b/drivers/scsi/scsi_netlink.c
@@ -77,7 +77,7 @@ scsi_nl_rcv_msg(struct sk_buff *skb)
77 goto next_msg; 77 goto next_msg;
78 } 78 }
79 79
80 if (!capable(CAP_SYS_ADMIN)) { 80 if (!netlink_capable(skb, CAP_SYS_ADMIN)) {
81 err = -EPERM; 81 err = -EPERM;
82 goto next_msg; 82 goto next_msg;
83 } 83 }
diff --git a/kernel/audit.c b/kernel/audit.c
index 7c2893602d06..47845c57eb19 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -643,13 +643,13 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
643 if ((task_active_pid_ns(current) != &init_pid_ns)) 643 if ((task_active_pid_ns(current) != &init_pid_ns))
644 return -EPERM; 644 return -EPERM;
645 645
646 if (!capable(CAP_AUDIT_CONTROL)) 646 if (!netlink_capable(skb, CAP_AUDIT_CONTROL))
647 err = -EPERM; 647 err = -EPERM;
648 break; 648 break;
649 case AUDIT_USER: 649 case AUDIT_USER:
650 case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG: 650 case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
651 case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2: 651 case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
652 if (!capable(CAP_AUDIT_WRITE)) 652 if (!netlink_capable(skb, CAP_AUDIT_WRITE))
653 err = -EPERM; 653 err = -EPERM;
654 break; 654 break;
655 default: /* bad msg */ 655 default: /* bad msg */
diff --git a/net/can/gw.c b/net/can/gw.c
index ac31891967da..050a2110d43f 100644
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -804,7 +804,7 @@ static int cgw_create_job(struct sk_buff *skb, struct nlmsghdr *nlh)
804 u8 limhops = 0; 804 u8 limhops = 0;
805 int err = 0; 805 int err = 0;
806 806
807 if (!capable(CAP_NET_ADMIN)) 807 if (!netlink_capable(skb, CAP_NET_ADMIN))
808 return -EPERM; 808 return -EPERM;
809 809
810 if (nlmsg_len(nlh) < sizeof(*r)) 810 if (nlmsg_len(nlh) < sizeof(*r))
@@ -893,7 +893,7 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh)
893 u8 limhops = 0; 893 u8 limhops = 0;
894 int err = 0; 894 int err = 0;
895 895
896 if (!capable(CAP_NET_ADMIN)) 896 if (!netlink_capable(skb, CAP_NET_ADMIN))
897 return -EPERM; 897 return -EPERM;
898 898
899 if (nlmsg_len(nlh) < sizeof(*r)) 899 if (nlmsg_len(nlh) < sizeof(*r))
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index d4ff41739b0f..64ad17d077ed 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1395,7 +1395,8 @@ static int do_set_master(struct net_device *dev, int ifindex)
1395 return 0; 1395 return 0;
1396} 1396}
1397 1397
1398static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm, 1398static int do_setlink(const struct sk_buff *skb,
1399 struct net_device *dev, struct ifinfomsg *ifm,
1399 struct nlattr **tb, char *ifname, int modified) 1400 struct nlattr **tb, char *ifname, int modified)
1400{ 1401{
1401 const struct net_device_ops *ops = dev->netdev_ops; 1402 const struct net_device_ops *ops = dev->netdev_ops;
@@ -1407,7 +1408,7 @@ static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
1407 err = PTR_ERR(net); 1408 err = PTR_ERR(net);
1408 goto errout; 1409 goto errout;
1409 } 1410 }
1410 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) { 1411 if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) {
1411 err = -EPERM; 1412 err = -EPERM;
1412 goto errout; 1413 goto errout;
1413 } 1414 }
@@ -1661,7 +1662,7 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh)
1661 if (err < 0) 1662 if (err < 0)
1662 goto errout; 1663 goto errout;
1663 1664
1664 err = do_setlink(dev, ifm, tb, ifname, 0); 1665 err = do_setlink(skb, dev, ifm, tb, ifname, 0);
1665errout: 1666errout:
1666 return err; 1667 return err;
1667} 1668}
@@ -1778,7 +1779,8 @@ err:
1778} 1779}
1779EXPORT_SYMBOL(rtnl_create_link); 1780EXPORT_SYMBOL(rtnl_create_link);
1780 1781
1781static int rtnl_group_changelink(struct net *net, int group, 1782static int rtnl_group_changelink(const struct sk_buff *skb,
1783 struct net *net, int group,
1782 struct ifinfomsg *ifm, 1784 struct ifinfomsg *ifm,
1783 struct nlattr **tb) 1785 struct nlattr **tb)
1784{ 1786{
@@ -1787,7 +1789,7 @@ static int rtnl_group_changelink(struct net *net, int group,
1787 1789
1788 for_each_netdev(net, dev) { 1790 for_each_netdev(net, dev) {
1789 if (dev->group == group) { 1791 if (dev->group == group) {
1790 err = do_setlink(dev, ifm, tb, NULL, 0); 1792 err = do_setlink(skb, dev, ifm, tb, NULL, 0);
1791 if (err < 0) 1793 if (err < 0)
1792 return err; 1794 return err;
1793 } 1795 }
@@ -1929,12 +1931,12 @@ replay:
1929 modified = 1; 1931 modified = 1;
1930 } 1932 }
1931 1933
1932 return do_setlink(dev, ifm, tb, ifname, modified); 1934 return do_setlink(skb, dev, ifm, tb, ifname, modified);
1933 } 1935 }
1934 1936
1935 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) { 1937 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
1936 if (ifm->ifi_index == 0 && tb[IFLA_GROUP]) 1938 if (ifm->ifi_index == 0 && tb[IFLA_GROUP])
1937 return rtnl_group_changelink(net, 1939 return rtnl_group_changelink(skb, net,
1938 nla_get_u32(tb[IFLA_GROUP]), 1940 nla_get_u32(tb[IFLA_GROUP]),
1939 ifm, tb); 1941 ifm, tb);
1940 return -ENODEV; 1942 return -ENODEV;
@@ -2321,7 +2323,7 @@ static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh)
2321 int err = -EINVAL; 2323 int err = -EINVAL;
2322 __u8 *addr; 2324 __u8 *addr;
2323 2325
2324 if (!capable(CAP_NET_ADMIN)) 2326 if (!netlink_capable(skb, CAP_NET_ADMIN))
2325 return -EPERM; 2327 return -EPERM;
2326 2328
2327 err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL); 2329 err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
@@ -2773,7 +2775,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2773 sz_idx = type>>2; 2775 sz_idx = type>>2;
2774 kind = type&3; 2776 kind = type&3;
2775 2777
2776 if (kind != 2 && !ns_capable(net->user_ns, CAP_NET_ADMIN)) 2778 if (kind != 2 && !netlink_net_capable(skb, CAP_NET_ADMIN))
2777 return -EPERM; 2779 return -EPERM;
2778 2780
2779 if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { 2781 if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 553644402670..f8b98d89c285 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -1669,7 +1669,7 @@ static int dcb_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
1669 struct nlmsghdr *reply_nlh = NULL; 1669 struct nlmsghdr *reply_nlh = NULL;
1670 const struct reply_func *fn; 1670 const struct reply_func *fn;
1671 1671
1672 if ((nlh->nlmsg_type == RTM_SETDCB) && !capable(CAP_NET_ADMIN)) 1672 if ((nlh->nlmsg_type == RTM_SETDCB) && !netlink_capable(skb, CAP_NET_ADMIN))
1673 return -EPERM; 1673 return -EPERM;
1674 1674
1675 ret = nlmsg_parse(nlh, sizeof(*dcb), tb, DCB_ATTR_MAX, 1675 ret = nlmsg_parse(nlh, sizeof(*dcb), tb, DCB_ATTR_MAX,
diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index a603823a3e27..3b726f31c64c 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -574,7 +574,7 @@ static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh)
574 struct dn_ifaddr __rcu **ifap; 574 struct dn_ifaddr __rcu **ifap;
575 int err = -EINVAL; 575 int err = -EINVAL;
576 576
577 if (!capable(CAP_NET_ADMIN)) 577 if (!netlink_capable(skb, CAP_NET_ADMIN))
578 return -EPERM; 578 return -EPERM;
579 579
580 if (!net_eq(net, &init_net)) 580 if (!net_eq(net, &init_net))
@@ -618,7 +618,7 @@ static int dn_nl_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh)
618 struct dn_ifaddr *ifa; 618 struct dn_ifaddr *ifa;
619 int err; 619 int err;
620 620
621 if (!capable(CAP_NET_ADMIN)) 621 if (!netlink_capable(skb, CAP_NET_ADMIN))
622 return -EPERM; 622 return -EPERM;
623 623
624 if (!net_eq(net, &init_net)) 624 if (!net_eq(net, &init_net))
diff --git a/net/decnet/dn_fib.c b/net/decnet/dn_fib.c
index 57dc159245ec..d332aefb0846 100644
--- a/net/decnet/dn_fib.c
+++ b/net/decnet/dn_fib.c
@@ -505,7 +505,7 @@ static int dn_fib_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh)
505 struct nlattr *attrs[RTA_MAX+1]; 505 struct nlattr *attrs[RTA_MAX+1];
506 int err; 506 int err;
507 507
508 if (!capable(CAP_NET_ADMIN)) 508 if (!netlink_capable(skb, CAP_NET_ADMIN))
509 return -EPERM; 509 return -EPERM;
510 510
511 if (!net_eq(net, &init_net)) 511 if (!net_eq(net, &init_net))
@@ -530,7 +530,7 @@ static int dn_fib_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh)
530 struct nlattr *attrs[RTA_MAX+1]; 530 struct nlattr *attrs[RTA_MAX+1];
531 int err; 531 int err;
532 532
533 if (!capable(CAP_NET_ADMIN)) 533 if (!netlink_capable(skb, CAP_NET_ADMIN))
534 return -EPERM; 534 return -EPERM;
535 535
536 if (!net_eq(net, &init_net)) 536 if (!net_eq(net, &init_net))
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
index e83015cecfa7..e4d9560a910b 100644
--- a/net/decnet/netfilter/dn_rtmsg.c
+++ b/net/decnet/netfilter/dn_rtmsg.c
@@ -107,7 +107,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
107 if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len) 107 if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
108 return; 108 return;
109 109
110 if (!capable(CAP_NET_ADMIN)) 110 if (!netlink_capable(skb, CAP_NET_ADMIN))
111 RCV_SKB_FAIL(-EPERM); 111 RCV_SKB_FAIL(-EPERM);
112 112
113 /* Eventually we might send routing messages too */ 113 /* Eventually we might send routing messages too */
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index e8138da4c14f..84392f3237c1 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -375,7 +375,7 @@ static void nfnetlink_rcv(struct sk_buff *skb)
375 skb->len < nlh->nlmsg_len) 375 skb->len < nlh->nlmsg_len)
376 return; 376 return;
377 377
378 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) { 378 if (!netlink_net_capable(skb, CAP_NET_ADMIN)) {
379 netlink_ack(skb, nlh, -EPERM); 379 netlink_ack(skb, nlh, -EPERM);
380 return; 380 return;
381 } 381 }
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index b1dcdb932a86..a3ba3ca0ff92 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -561,7 +561,7 @@ static int genl_family_rcv_msg(struct genl_family *family,
561 return -EOPNOTSUPP; 561 return -EOPNOTSUPP;
562 562
563 if ((ops->flags & GENL_ADMIN_PERM) && 563 if ((ops->flags & GENL_ADMIN_PERM) &&
564 !capable(CAP_NET_ADMIN)) 564 !netlink_capable(skb, CAP_NET_ADMIN))
565 return -EPERM; 565 return -EPERM;
566 566
567 if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) { 567 if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
diff --git a/net/packet/diag.c b/net/packet/diag.c
index b34d0de24091..92f2c7107eec 100644
--- a/net/packet/diag.c
+++ b/net/packet/diag.c
@@ -194,7 +194,7 @@ static int packet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
194 194
195 net = sock_net(skb->sk); 195 net = sock_net(skb->sk);
196 req = nlmsg_data(cb->nlh); 196 req = nlmsg_data(cb->nlh);
197 may_report_filterinfo = ns_capable(net->user_ns, CAP_NET_ADMIN); 197 may_report_filterinfo = netlink_net_capable(cb->skb, CAP_NET_ADMIN);
198 198
199 mutex_lock(&net->packet.sklist_lock); 199 mutex_lock(&net->packet.sklist_lock);
200 sk_for_each(sk, &net->packet.sklist) { 200 sk_for_each(sk, &net->packet.sklist) {
diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c
index dc15f4300808..b64151ade6b3 100644
--- a/net/phonet/pn_netlink.c
+++ b/net/phonet/pn_netlink.c
@@ -70,10 +70,10 @@ static int addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
70 int err; 70 int err;
71 u8 pnaddr; 71 u8 pnaddr;
72 72
73 if (!capable(CAP_NET_ADMIN)) 73 if (!netlink_capable(skb, CAP_NET_ADMIN))
74 return -EPERM; 74 return -EPERM;
75 75
76 if (!capable(CAP_SYS_ADMIN)) 76 if (!netlink_capable(skb, CAP_SYS_ADMIN))
77 return -EPERM; 77 return -EPERM;
78 78
79 ASSERT_RTNL(); 79 ASSERT_RTNL();
@@ -233,10 +233,10 @@ static int route_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
233 int err; 233 int err;
234 u8 dst; 234 u8 dst;
235 235
236 if (!capable(CAP_NET_ADMIN)) 236 if (!netlink_capable(skb, CAP_NET_ADMIN))
237 return -EPERM; 237 return -EPERM;
238 238
239 if (!capable(CAP_SYS_ADMIN)) 239 if (!netlink_capable(skb, CAP_SYS_ADMIN))
240 return -EPERM; 240 return -EPERM;
241 241
242 ASSERT_RTNL(); 242 ASSERT_RTNL();
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 8a5ba5add4bc..648778aef1a2 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -948,7 +948,7 @@ static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n)
948 u32 portid = skb ? NETLINK_CB(skb).portid : 0; 948 u32 portid = skb ? NETLINK_CB(skb).portid : 0;
949 int ret = 0, ovr = 0; 949 int ret = 0, ovr = 0;
950 950
951 if ((n->nlmsg_type != RTM_GETACTION) && !capable(CAP_NET_ADMIN)) 951 if ((n->nlmsg_type != RTM_GETACTION) && !netlink_capable(skb, CAP_NET_ADMIN))
952 return -EPERM; 952 return -EPERM;
953 953
954 ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ACT_MAX, NULL); 954 ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ACT_MAX, NULL);
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 29a30a14c315..bdbdb1a7920a 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -134,7 +134,7 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n)
134 int err; 134 int err;
135 int tp_created = 0; 135 int tp_created = 0;
136 136
137 if ((n->nlmsg_type != RTM_GETTFILTER) && !capable(CAP_NET_ADMIN)) 137 if ((n->nlmsg_type != RTM_GETTFILTER) && !netlink_capable(skb, CAP_NET_ADMIN))
138 return -EPERM; 138 return -EPERM;
139 139
140replay: 140replay:
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index a0b84e0e22de..400769014bbd 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1084,7 +1084,7 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n)
1084 struct Qdisc *p = NULL; 1084 struct Qdisc *p = NULL;
1085 int err; 1085 int err;
1086 1086
1087 if ((n->nlmsg_type != RTM_GETQDISC) && !capable(CAP_NET_ADMIN)) 1087 if ((n->nlmsg_type != RTM_GETQDISC) && !netlink_capable(skb, CAP_NET_ADMIN))
1088 return -EPERM; 1088 return -EPERM;
1089 1089
1090 err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL); 1090 err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
@@ -1151,7 +1151,7 @@ static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n)
1151 struct Qdisc *q, *p; 1151 struct Qdisc *q, *p;
1152 int err; 1152 int err;
1153 1153
1154 if (!capable(CAP_NET_ADMIN)) 1154 if (!netlink_capable(skb, CAP_NET_ADMIN))
1155 return -EPERM; 1155 return -EPERM;
1156 1156
1157replay: 1157replay:
@@ -1490,7 +1490,7 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n)
1490 u32 qid; 1490 u32 qid;
1491 int err; 1491 int err;
1492 1492
1493 if ((n->nlmsg_type != RTM_GETTCLASS) && !capable(CAP_NET_ADMIN)) 1493 if ((n->nlmsg_type != RTM_GETTCLASS) && !netlink_capable(skb, CAP_NET_ADMIN))
1494 return -EPERM; 1494 return -EPERM;
1495 1495
1496 err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL); 1496 err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
index 3aaf73de9e2d..ad844d365340 100644
--- a/net/tipc/netlink.c
+++ b/net/tipc/netlink.c
@@ -47,7 +47,7 @@ static int handle_cmd(struct sk_buff *skb, struct genl_info *info)
47 int hdr_space = nlmsg_total_size(GENL_HDRLEN + TIPC_GENL_HDRLEN); 47 int hdr_space = nlmsg_total_size(GENL_HDRLEN + TIPC_GENL_HDRLEN);
48 u16 cmd; 48 u16 cmd;
49 49
50 if ((req_userhdr->cmd & 0xC000) && (!capable(CAP_NET_ADMIN))) 50 if ((req_userhdr->cmd & 0xC000) && (!netlink_capable(skb, CAP_NET_ADMIN)))
51 cmd = TIPC_CMD_NOT_NET_ADMIN; 51 cmd = TIPC_CMD_NOT_NET_ADMIN;
52 else 52 else
53 cmd = req_userhdr->cmd; 53 cmd = req_userhdr->cmd;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 8f131c10a6f3..51398ae6cda8 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2377,7 +2377,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2377 link = &xfrm_dispatch[type]; 2377 link = &xfrm_dispatch[type];
2378 2378
2379 /* All operations require privileges, even GET */ 2379 /* All operations require privileges, even GET */
2380 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 2380 if (!netlink_net_capable(skb, CAP_NET_ADMIN))
2381 return -EPERM; 2381 return -EPERM;
2382 2382
2383 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 2383 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) ||
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-10 08:28:38 -0500