1 files changed, 19 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index 1b943f54b2ea..06400cf07757 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -706,10 +706,26 @@ static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
 {
 }
 static void cap_req_classify_flow(const struct request_sock *req,
                                  struct flowi *fl)
 {
 }
+static int cap_tun_dev_create(void)
+{
+        return 0;
+}
+static void cap_tun_dev_post_create(struct sock *sk)
+{
+}
+static int cap_tun_dev_attach(struct sock *sk)
+{
+        return 0;
+}
 #endif  /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -1026,6 +1042,9 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, inet_csk_clone);
        set_to_cap_if_null(ops, inet_conn_established);
        set_to_cap_if_null(ops, req_classify_flow);
+        set_to_cap_if_null(ops, tun_dev_create);
+        set_to_cap_if_null(ops, tun_dev_post_create);
+        set_to_cap_if_null(ops, tun_dev_attach);
 #endif  /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
        set_to_cap_if_null(ops, xfrm_policy_alloc_security);

diff --git a/security/capability.c b/security/capability.c index 1b943f54b2ea..06400cf07757 100644 --- a/security/capability.c +++ b/security/capability.c
@@ -706,10 +706,26 @@ static void cap_inet_conn_established(struct sock sk, struct sk_buff skb)
706	{	706	{
707	}	707	}
708		708
		709
		710
709	static void cap_req_classify_flow(const struct request_sock *req,	711	static void cap_req_classify_flow(const struct request_sock *req,
710	struct flowi *fl)	712	struct flowi *fl)
711	{	713	{
712	}	714	}
		715
		716	static int cap_tun_dev_create(void)
		717	{
		718	return 0;
		719	}
		720
		721	static void cap_tun_dev_post_create(struct sock *sk)
		722	{
		723	}
		724
		725	static int cap_tun_dev_attach(struct sock *sk)
		726	{
		727	return 0;
		728	}
713	#endif /* CONFIG_SECURITY_NETWORK */	729	#endif /* CONFIG_SECURITY_NETWORK */
714		730
715	#ifdef CONFIG_SECURITY_NETWORK_XFRM	731	#ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -1026,6 +1042,9 @@ void security_fixup_ops(struct security_operations *ops)
1026	set_to_cap_if_null(ops, inet_csk_clone);	1042	set_to_cap_if_null(ops, inet_csk_clone);
1027	set_to_cap_if_null(ops, inet_conn_established);	1043	set_to_cap_if_null(ops, inet_conn_established);
1028	set_to_cap_if_null(ops, req_classify_flow);	1044	set_to_cap_if_null(ops, req_classify_flow);
		1045	set_to_cap_if_null(ops, tun_dev_create);
		1046	set_to_cap_if_null(ops, tun_dev_post_create);
		1047	set_to_cap_if_null(ops, tun_dev_attach);
1029	#endif /* CONFIG_SECURITY_NETWORK */	1048	#endif /* CONFIG_SECURITY_NETWORK */
1030	#ifdef CONFIG_SECURITY_NETWORK_XFRM	1049	#ifdef CONFIG_SECURITY_NETWORK_XFRM
1031	set_to_cap_if_null(ops, xfrm_policy_alloc_security);	1050	set_to_cap_if_null(ops, xfrm_policy_alloc_security);