new VNET

[linux-2.6.git] / net / ipv4 / ip_options.c

diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index 9f02917..ae4ca9c 100644 (file)
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -407,7 +407,7 @@ int ip_options_compile(struct ip_options * opt, struct sk_buff * skb)
                                        optptr[2] += 8;
                                        break;
                                      default:
-                                       if (!skb && !capable(CAP_NET_RAW)) {
+                                       if (!skb && !nx_capable(CAP_NET_RAW, NXC_RAW_SOCKET)) {
                                                pp_ptr = optptr + 3;
                                                goto error;
                                        }
@@ -443,7 +443,7 @@ int ip_options_compile(struct ip_options * opt, struct sk_buff * skb)
                                opt->router_alert = optptr - iph;
                        break;
                      case IPOPT_CIPSO:
-                       if ((!skb && !capable(CAP_NET_RAW)) || opt->cipso) {
+                       if ((!skb && !nx_capable(CAP_NET_RAW, NXC_RAW_SOCKET)) || opt->cipso) {
                                pp_ptr = optptr;
                                goto error;
                        }
@@ -456,7 +456,7 @@ int ip_options_compile(struct ip_options * opt, struct sk_buff * skb)
                      case IPOPT_SEC:
                      case IPOPT_SID:
                      default:
-                       if (!skb && !capable(CAP_NET_RAW)) {
+                       if (!skb && !nx_capable(CAP_NET_RAW, NXC_RAW_SOCKET)) {
                                pp_ptr = optptr;
                                goto error;
                        }