[NETFILTER] nfnetlink: unconditionally require CAP_NET_ADMIN This patch unconditionally requires CAP_NET_ADMIN for all nfnetlink messages. It also removes the per-message cap_required field, since all existing subsystems use CAP_NET_ADMIN for all their messages anyway. Patrick McHardy owes me a beer if we ever need to re-introduce this. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 37d2e7a20d745035b600f1a6be56cbb9c7259419 [log] [tgz]
author: Harald Welte <laforge@netfilter.org> Mon Nov 14 15:24:59 2005 -0800
committer: David S. Miller <davem@davemloft.net> Mon Nov 14 15:24:59 2005 -0800
tree: c76e0ba522d34c8b3021bf0f012632f7877f5281
parent: 3746a2b1402e7933c7f1eabdce384b8454dc2ef7 [diff] [blame]
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index f065a6c..f28460b6 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c

@@ -931,14 +931,11 @@
 
 static struct nfnl_callback nfqnl_cb[NFQNL_MSG_MAX] = {
 	[NFQNL_MSG_PACKET]	= { .call = nfqnl_recv_unsupp,
-				    .attr_count = NFQA_MAX,
-				    .cap_required = CAP_NET_ADMIN },
+				    .attr_count = NFQA_MAX, },
 	[NFQNL_MSG_VERDICT]	= { .call = nfqnl_recv_verdict,
-				    .attr_count = NFQA_MAX,
-				    .cap_required = CAP_NET_ADMIN },
+				    .attr_count = NFQA_MAX, },
 	[NFQNL_MSG_CONFIG]	= { .call = nfqnl_recv_config,
-				    .attr_count = NFQA_CFG_MAX,
-				    .cap_required = CAP_NET_ADMIN },
+				    .attr_count = NFQA_CFG_MAX, },
 };
 
 static struct nfnetlink_subsystem nfqnl_subsys = {
commit	37d2e7a20d745035b600f1a6be56cbb9c7259419	[log] [tgz]
author	Harald Welte <laforge@netfilter.org>	Mon Nov 14 15:24:59 2005 -0800
committer	David S. Miller <davem@davemloft.net>	Mon Nov 14 15:24:59 2005 -0800
tree	c76e0ba522d34c8b3021bf0f012632f7877f5281
parent	3746a2b1402e7933c7f1eabdce384b8454dc2ef7 [diff] [blame]