brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler

[sliver-openvswitch.git] / datapath / brcompat.c

diff --git a/datapath/brcompat.c b/datapath/brcompat.c
index 3e84011..2113eae 100644 (file)
--- a/datapath/brcompat.c
+++ b/datapath/brcompat.c
@@ -84,6 +84,9 @@ static int brc_add_del_bridge(char __user *uname, int add)
        struct sk_buff *request;
        char name[IFNAMSIZ];
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (copy_from_user(name, uname, IFNAMSIZ))
                return -EFAULT;
 
@@ -196,6 +199,9 @@ static int brc_add_del_port(struct net_device *dev, int port_ifindex, int add)
        struct net_device *port;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        port = __dev_get_by_index(&init_net, port_ifindex);
        if (!port)
                return -EINVAL;