nl80211: Allow privileged operations from user namespaces - linux

diff options

author	Martin Willi <martin@strongswan.org>	2016-05-09 18:33:58 +0200
committer	Johannes Berg <johannes.berg@intel.com>	2016-05-31 11:36:34 +0200
commit	5617c6cd6f844eaa2f4d61f165b7e6664a658865 (patch)
tree	3cdfff2de392894a71c72c5fd5477bba44ce80ed /crypto/gf128mul.c
parent	Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus (diff)
download	linux-5617c6cd6f844eaa2f4d61f165b7e6664a658865.tar.xz linux-5617c6cd6f844eaa2f4d61f165b7e6664a658865.zip

nl80211: Allow privileged operations from user namespaces

While a wiphy can be transferred to network namespaces, a process having CAP_NET_ADMIN in a non-initial user namespace can not administrate such devices due to the genetlink GENL_ADMIN_PERM restrictions. For openvswitch having the same issue, a new GENL_UNS_ADMIN_PERM flag has been introduced, commit 4a92602aa1cd ("openvswitch: allow management from inside user namespaces"). This patch changes all privileged operations operating on a wiphy, dev or wdev to allow their administration using the same mechanism. All operations use either NEED_WIPHY, NEED_WDEV or NEED_NETDEV, which implies a namespace aware lookup of the device. The only exception is NL80211_CMD_SET_WIPHY, which explicitly uses a namespace aware phy lookup. Signed-off-by: Martin Willi <martin@strongswan.org> [also allow cancel scan, for completeness] Signed-off-by: Johannes Berg <johannes.berg@intel.com>

Diffstat (limited to 'crypto/gf128mul.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: