aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/ip_sockglue.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4/ip_sockglue.c')
-rw-r--r--net/ipv4/ip_sockglue.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 14bbfcf717ac..3c9d20880283 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -989,13 +989,14 @@ mc_msf_out:
989 case IP_IPSEC_POLICY: 989 case IP_IPSEC_POLICY:
990 case IP_XFRM_POLICY: 990 case IP_XFRM_POLICY:
991 err = -EPERM; 991 err = -EPERM;
992 if (!capable(CAP_NET_ADMIN)) 992 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
993 break; 993 break;
994 err = xfrm_user_policy(sk, optname, optval, optlen); 994 err = xfrm_user_policy(sk, optname, optval, optlen);
995 break; 995 break;
996 996
997 case IP_TRANSPARENT: 997 case IP_TRANSPARENT:
998 if (!!val && !capable(CAP_NET_RAW) && !capable(CAP_NET_ADMIN)) { 998 if (!!val && !ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
999 !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
999 err = -EPERM; 1000 err = -EPERM;
1000 break; 1001 break;
1001 } 1002 }
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-13 14:21:35 -0500