summaryrefslogtreecommitdiffstats
path: root/security/capability.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2012-11-16 04:03:09 +0100
committerDavid S. Miller <davem@davemloft.net>2012-11-19 02:33:00 +0100
commit276996fda0f33bd5e5e028c426f852ecd119372b (patch)
treef26b522e2ad3775b31b1ecc45c50a4ac9120988a /security/capability.c
parentnet: Allow userns root to control the network bridge code. (diff)
downloadlinux-276996fda0f33bd5e5e028c426f852ecd119372b.tar.xz
linux-276996fda0f33bd5e5e028c426f852ecd119372b.zip
net: Allow the userns root to control vlans.
Allow an unpriviled user who has created a user namespace, and then created a network namespace to effectively use the new network namespace, by reducing capable(CAP_NET_ADMIN) and capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns, CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls. Allow the vlan ioctls: SET_VLAN_INGRESS_PRIORITY_CMD SET_VLAN_EGRESS_PRIORITY_CMD SET_VLAN_FLAG_CMD SET_VLAN_NAME_TYPE_CMD ADD_VLAN_CMD DEL_VLAN_CMD Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/capability.c')
0 files changed, 0 insertions, 0 deletions