diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-11-16 04:03:09 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-11-19 02:33:00 +0100 |
commit | 276996fda0f33bd5e5e028c426f852ecd119372b (patch) | |
tree | f26b522e2ad3775b31b1ecc45c50a4ac9120988a /security/capability.c | |
parent | net: Allow userns root to control the network bridge code. (diff) | |
download | linux-276996fda0f33bd5e5e028c426f852ecd119372b.tar.xz linux-276996fda0f33bd5e5e028c426f852ecd119372b.zip |
net: Allow the userns root to control vlans.
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
Allow the vlan ioctls:
SET_VLAN_INGRESS_PRIORITY_CMD
SET_VLAN_EGRESS_PRIORITY_CMD
SET_VLAN_FLAG_CMD
SET_VLAN_NAME_TYPE_CMD
ADD_VLAN_CMD
DEL_VLAN_CMD
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/capability.c')
0 files changed, 0 insertions, 0 deletions