Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / dce766af541f6605fa9889892c0280bab31c66ab
commitdce766af541f6605fa9889892c0280bab31c66ab[log] [tgz]
authorFlorian Westphal <fwestphal@astaro.com>Fri Jan 08 17:31:24 2010 +0100
committerPatrick McHardy <kaber@trash.net>Fri Jan 08 17:31:24 2010 +0100
treefd9a11a09bf038336429f33dc092333aa745edb1
parentaaff23a95aea5f000895f50d90e91f1e2f727002 [diff]
netfilter: ebtables: enforce CAP_NET_ADMIN

normal users are currently allowed to set/modify ebtables rules.
Restrict it to processes with CAP_NET_ADMIN.

Note that this cannot be reproduced with unmodified ebtables binary
because it uses SOCK_RAW.

Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
1 file changed
tree: fd9a11a09bf038336429f33dc092333aa745edb1
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS