1 files changed, 6 insertions, 6 deletions
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 30ee4bc0f7cc..afba51e60310 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -529,7 +529,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
        switch (args.cmd) {
        case SET_VLAN_INGRESS_PRIORITY_CMD:
                err = -EPERM;
-                if (!capable(CAP_NET_ADMIN))
+                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
                        break;
                vlan_dev_set_ingress_priority(dev,
                                              args.u.skb_priority,
@@ -539,7 +539,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
        case SET_VLAN_EGRESS_PRIORITY_CMD:
                err = -EPERM;
-                if (!capable(CAP_NET_ADMIN))
+                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
                        break;
                err = vlan_dev_set_egress_priority(dev,
                                                   args.u.skb_priority,
@@ -548,7 +548,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
        case SET_VLAN_FLAG_CMD:
                err = -EPERM;
-                if (!capable(CAP_NET_ADMIN))
+                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
                        break;
                err = vlan_dev_change_flags(dev,
                                            args.vlan_qos ? args.u.flag : 0,
@@ -557,7 +557,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
        case SET_VLAN_NAME_TYPE_CMD:
                err = -EPERM;
-                if (!capable(CAP_NET_ADMIN))
+                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
                        break;
                if ((args.u.name_type >= 0) &&
                    (args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) {
@@ -573,14 +573,14 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
        case ADD_VLAN_CMD:
                err = -EPERM;
-                if (!capable(CAP_NET_ADMIN))
+                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
                        break;
                err = register_vlan_device(dev, args.u.VID);
                break;
        case DEL_VLAN_CMD:
                err = -EPERM;
-                if (!capable(CAP_NET_ADMIN))
+                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
                        break;
                unregister_vlan_dev(dev, NULL);
                err = 0;

diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c index 30ee4bc0f7cc..afba51e60310 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c
@@ -529,7 +529,7 @@ static int vlan_ioctl_handler(struct net net, void __user arg)
529	switch (args.cmd) {	529	switch (args.cmd) {
530	case SET_VLAN_INGRESS_PRIORITY_CMD:	530	case SET_VLAN_INGRESS_PRIORITY_CMD:
531	err = -EPERM;	531	err = -EPERM;
532	if (!capable(CAP_NET_ADMIN))	532	if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
533	break;	533	break;
534	vlan_dev_set_ingress_priority(dev,	534	vlan_dev_set_ingress_priority(dev,
535	args.u.skb_priority,	535	args.u.skb_priority,
@@ -539,7 +539,7 @@ static int vlan_ioctl_handler(struct net net, void __user arg)
539		539
540	case SET_VLAN_EGRESS_PRIORITY_CMD:	540	case SET_VLAN_EGRESS_PRIORITY_CMD:
541	err = -EPERM;	541	err = -EPERM;
542	if (!capable(CAP_NET_ADMIN))	542	if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
543	break;	543	break;
544	err = vlan_dev_set_egress_priority(dev,	544	err = vlan_dev_set_egress_priority(dev,
545	args.u.skb_priority,	545	args.u.skb_priority,
@@ -548,7 +548,7 @@ static int vlan_ioctl_handler(struct net net, void __user arg)
548		548
549	case SET_VLAN_FLAG_CMD:	549	case SET_VLAN_FLAG_CMD:
550	err = -EPERM;	550	err = -EPERM;
551	if (!capable(CAP_NET_ADMIN))	551	if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
552	break;	552	break;
553	err = vlan_dev_change_flags(dev,	553	err = vlan_dev_change_flags(dev,
554	args.vlan_qos ? args.u.flag : 0,	554	args.vlan_qos ? args.u.flag : 0,
@@ -557,7 +557,7 @@ static int vlan_ioctl_handler(struct net net, void __user arg)
557		557
558	case SET_VLAN_NAME_TYPE_CMD:	558	case SET_VLAN_NAME_TYPE_CMD:
559	err = -EPERM;	559	err = -EPERM;
560	if (!capable(CAP_NET_ADMIN))	560	if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
561	break;	561	break;
562	if ((args.u.name_type >= 0) &&	562	if ((args.u.name_type >= 0) &&
563	(args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) {	563	(args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) {
@@ -573,14 +573,14 @@ static int vlan_ioctl_handler(struct net net, void __user arg)
573		573
574	case ADD_VLAN_CMD:	574	case ADD_VLAN_CMD:
575	err = -EPERM;	575	err = -EPERM;
576	if (!capable(CAP_NET_ADMIN))	576	if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
577	break;	577	break;
578	err = register_vlan_device(dev, args.u.VID);	578	err = register_vlan_device(dev, args.u.VID);
579	break;	579	break;
580		580
581	case DEL_VLAN_CMD:	581	case DEL_VLAN_CMD:
582	err = -EPERM;	582	err = -EPERM;
583	if (!capable(CAP_NET_ADMIN))	583	if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
584	break;	584	break;
585	unregister_vlan_dev(dev, NULL);	585	unregister_vlan_dev(dev, NULL);
586	err = 0;	586	err = 0;