net: check kern before calling security subsystem Before calling capable(CAP_NET_RAW) check if this operations is on behalf of the kernel or on behalf of userspace. Do not do the security check if it is on behalf of the kernel. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: c84b3268da3b85c9d8a9e504e1001a14ed829e94 [log] [tgz]
author: Eric Paris <eparis@redhat.com> Thu Nov 05 20:45:52 2009 -0800
committer: David S. Miller <davem@davemloft.net> Thu Nov 05 22:18:18 2009 -0800
tree: 795b4997f5610cf2e56a57ee5b1e4c2d4ca10188
parent: 3f378b684453f2a028eda463ce383370545d9cc9 [diff] [blame]
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 365ae16..ff0233d 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c

@@ -832,7 +832,7 @@
 			sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
 		return -ESOCKTNOSUPPORT;
 
-	if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
+	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
 		return -EPERM;
 
 	sock->ops = &l2cap_sock_ops;
commit	c84b3268da3b85c9d8a9e504e1001a14ed829e94	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Thu Nov 05 20:45:52 2009 -0800
committer	David S. Miller <davem@davemloft.net>	Thu Nov 05 22:18:18 2009 -0800
tree	795b4997f5610cf2e56a57ee5b1e4c2d4ca10188
parent	3f378b684453f2a028eda463ce383370545d9cc9 [diff] [blame]