7 files changed, 7 insertions, 7 deletions
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 99d9e953fe39..d3a628196716 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1931,7 +1931,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        sz_idx = type>>2;
        kind = type&3;
-        if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN))
+        if (kind != 2 && !capable(CAP_NET_ADMIN))
                return -EPERM;
        if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
index 69975e0bcdea..1531135130db 100644
--- a/net/decnet/netfilter/dn_rtmsg.c
+++ b/net/decnet/netfilter/dn_rtmsg.c
@@ -108,7 +108,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
        if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
                return;
-        if (security_netlink_recv(skb, CAP_NET_ADMIN))
+        if (!capable(CAP_NET_ADMIN))
                RCV_SKB_FAIL(-EPERM);
        /* Eventually we might send routing messages too */
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index e59aabd0eae4..ffabb2674718 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -430,7 +430,7 @@ __ipq_rcv_skb(struct sk_buff *skb)
        if (type <= IPQM_BASE)
                return;
-        if (security_netlink_recv(skb, CAP_NET_ADMIN))
+        if (!capable(CAP_NET_ADMIN))
                RCV_SKB_FAIL(-EPERM);
        spin_lock_bh(&queue_lock);
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index e63c3972a739..5e5ce778be7f 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -431,7 +431,7 @@ __ipq_rcv_skb(struct sk_buff *skb)
        if (type <= IPQM_BASE)
                return;
-        if (security_netlink_recv(skb, CAP_NET_ADMIN))
+        if (!capable(CAP_NET_ADMIN))
                RCV_SKB_FAIL(-EPERM);
        spin_lock_bh(&queue_lock);
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 1905976b5135..e6c2b8f32180 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -130,7 +130,7 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        const struct nfnetlink_subsystem *ss;
        int type, err;
-        if (security_netlink_recv(skb, CAP_NET_ADMIN))
+        if (!capable(CAP_NET_ADMIN))
                return -EPERM;
        /* All the messages must at least contain nfgenmsg */
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 482fa571b4ee..05fedbf489a5 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -516,7 +516,7 @@ static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                return -EOPNOTSUPP;
        if ((ops->flags & GENL_ADMIN_PERM) &&
-            security_netlink_recv(skb, CAP_NET_ADMIN))
+            !capable(CAP_NET_ADMIN))
                return -EPERM;
        if (nlh->nlmsg_flags & NLM_F_DUMP) {
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 0256b8a0a7cf..71de86698efa 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2290,7 +2290,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        link = &xfrm_dispatch[type];
        /* All operations require privileges, even GET */
-        if (security_netlink_recv(skb, CAP_NET_ADMIN))
+        if (!capable(CAP_NET_ADMIN))
                return -EPERM;
        if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) ||

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 99d9e953fe39..d3a628196716 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c
@@ -1931,7 +1931,7 @@ static int rtnetlink_rcv_msg(struct sk_buff skb, struct nlmsghdr nlh)
1931	sz_idx = type>>2;	1931	sz_idx = type>>2;
1932	kind = type&3;	1932	kind = type&3;
1933		1933
1934	if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN))	1934	if (kind != 2 && !capable(CAP_NET_ADMIN))
1935	return -EPERM;	1935	return -EPERM;
1936		1936
1937	if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {	1937	if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {


diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c index 69975e0bcdea..1531135130db 100644 --- a/net/decnet/netfilter/dn_rtmsg.c +++ b/net/decnet/netfilter/dn_rtmsg.c
@@ -108,7 +108,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
108	if (nlh->nlmsg_len < sizeof(*nlh) \|\| skb->len < nlh->nlmsg_len)	108	if (nlh->nlmsg_len < sizeof(*nlh) \|\| skb->len < nlh->nlmsg_len)
109	return;	109	return;
110		110
111	if (security_netlink_recv(skb, CAP_NET_ADMIN))	111	if (!capable(CAP_NET_ADMIN))
112	RCV_SKB_FAIL(-EPERM);	112	RCV_SKB_FAIL(-EPERM);
113		113
114	/* Eventually we might send routing messages too */	114	/* Eventually we might send routing messages too */


diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index e59aabd0eae4..ffabb2674718 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c
@@ -430,7 +430,7 @@ __ipq_rcv_skb(struct sk_buff *skb)
430	if (type <= IPQM_BASE)	430	if (type <= IPQM_BASE)
431	return;	431	return;
432		432
433	if (security_netlink_recv(skb, CAP_NET_ADMIN))	433	if (!capable(CAP_NET_ADMIN))
434	RCV_SKB_FAIL(-EPERM);	434	RCV_SKB_FAIL(-EPERM);
435		435
436	spin_lock_bh(&queue_lock);	436	spin_lock_bh(&queue_lock);


diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index e63c3972a739..5e5ce778be7f 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c
@@ -431,7 +431,7 @@ __ipq_rcv_skb(struct sk_buff *skb)
431	if (type <= IPQM_BASE)	431	if (type <= IPQM_BASE)
432	return;	432	return;
433		433
434	if (security_netlink_recv(skb, CAP_NET_ADMIN))	434	if (!capable(CAP_NET_ADMIN))
435	RCV_SKB_FAIL(-EPERM);	435	RCV_SKB_FAIL(-EPERM);
436		436
437	spin_lock_bh(&queue_lock);	437	spin_lock_bh(&queue_lock);


diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index 1905976b5135..e6c2b8f32180 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c
@@ -130,7 +130,7 @@ static int nfnetlink_rcv_msg(struct sk_buff skb, struct nlmsghdr nlh)
130	const struct nfnetlink_subsystem *ss;	130	const struct nfnetlink_subsystem *ss;
131	int type, err;	131	int type, err;
132		132
133	if (security_netlink_recv(skb, CAP_NET_ADMIN))	133	if (!capable(CAP_NET_ADMIN))
134	return -EPERM;	134	return -EPERM;
135		135
136	/* All the messages must at least contain nfgenmsg */	136	/* All the messages must at least contain nfgenmsg */


diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index 482fa571b4ee..05fedbf489a5 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c
@@ -516,7 +516,7 @@ static int genl_rcv_msg(struct sk_buff skb, struct nlmsghdr nlh)
516	return -EOPNOTSUPP;	516	return -EOPNOTSUPP;
517		517
518	if ((ops->flags & GENL_ADMIN_PERM) &&	518	if ((ops->flags & GENL_ADMIN_PERM) &&
519	security_netlink_recv(skb, CAP_NET_ADMIN))	519	!capable(CAP_NET_ADMIN))
520	return -EPERM;	520	return -EPERM;
521		521
522	if (nlh->nlmsg_flags & NLM_F_DUMP) {	522	if (nlh->nlmsg_flags & NLM_F_DUMP) {


diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 0256b8a0a7cf..71de86698efa 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c
@@ -2290,7 +2290,7 @@ static int xfrm_user_rcv_msg(struct sk_buff skb, struct nlmsghdr nlh)
2290	link = &xfrm_dispatch[type];	2290	link = &xfrm_dispatch[type];
2291		2291
2292	/* All operations require privileges, even GET */	2292	/* All operations require privileges, even GET */
2293	if (security_netlink_recv(skb, CAP_NET_ADMIN))	2293	if (!capable(CAP_NET_ADMIN))
2294	return -EPERM;	2294	return -EPERM;
2295		2295
2296	if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) \|\|	2296	if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) \|\|