From 4e8bbb819d1594a01f91b1de83321f68d3e6e245 Mon Sep 17 00:00:00 2001 From: Stéphane Graber Date: Wed, 30 Apr 2014 11:25:43 -0400 Subject: net: Allow tc changes in user namespaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This switches a few remaining capable(CAP_NET_ADMIN) to ns_capable so that root in a user namespace may set tc rules inside that namespace. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn Cc: "Eric W. Biederman" Cc: Jamal Hadi Salim Cc: "David S. Miller" Acked-by: Eric Dumazet Signed-off-by: David S. Miller --- net/sched/cls_api.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'net/sched/cls_api.c') diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index a481bbe118d3..1a4a20267787 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c @@ -134,7 +134,8 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n) int err; int tp_created = 0; - if ((n->nlmsg_type != RTM_GETTFILTER) && !capable(CAP_NET_ADMIN)) + if ((n->nlmsg_type != RTM_GETTFILTER) && + !ns_capable(net->user_ns, CAP_NET_ADMIN)) return -EPERM; replay: -- cgit v1.2.3