brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler
author Vivien Bernet-Rollande <vbr@soprive.net>
Thu, 16 Sep 2010 17:56:55 +0000 (10:56 -0700)
committer Justin Pettit <jpettit@nicira.com>
Tue, 5 Oct 2010 23:41:52 +0000 (16:41 -0700)
commit ba429bfa0a4c5e20cc2ab5f1b16519f84b6ee92b
tree cb2b8057abf546e42325e9b56f5955b7810daec5
parent a842e7b093786019292998fa192d4ed7d228d686
brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler

This patch checks that the user calling ioctl() to create, delete, or
modify bridges has the CAP_NET_ADMIN capability. This prevents
unprivileged users from modifying the bridge configuration through
brcompatd. The checks are actually the same performed in
net/bridge/br_ioctl.c by the Linux kernel.

Signed-off-by: Vivien Bernet-Rollande <vbr@soprive.net>
Signed-off-by: Jesse Gross <jesse@nicira.com>
datapath/brcompat.c
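
A user-space model of the gate this commit message describes, added here as an illustration and not taken from the commit or from Open vSwitch: bridge create and delete requests are refused with -EPERM unless the caller's effective capability set contains CAP_NET_ADMIN. The helper names and the /proc status excerpts are constructed for the example; in kernel code the test itself is `capable(CAP_NET_ADMIN)`.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values from linux/capability.h and linux/sockios.h. */
#define CAP_NET_ADMIN_BIT 12
#define SIOCBRADDBR_CMD 0x89a0 /* create a bridge */
#define SIOCBRDELBR_CMD 0x89a1 /* delete a bridge */

/* Constructed /proc/<pid>/status excerpts (not captured from a real host). */
static const char ROOT_STATUS[] = "Name:\tbrctl\nCapEff:\t000001ffffffffff\n";
static const char USER_STATUS[] = "Name:\tbrctl\nCapEff:\t0000000000000000\n";

/* Read the effective capability mask; -1 if no well-formed CapEff line. */
int parse_cap_eff(const char *status, uint64_t *mask)
{
    const char *p = strstr(status, "CapEff:");
    if (!p || (p != status && p[-1] != '\n'))
        return -1;
    for (p += 7; *p == ' ' || *p == '\t'; p++)
        ;
    if (!isxdigit((unsigned char)*p)) /* empty value: do not read the next line */
        return -1;
    *mask = strtoull(p, NULL, 16);
    return 0;
}

/* Hypothetical gate: the privilege test runs before any bridge work is done. */
int bridge_ioctl_gate(unsigned int cmd, const char *status)
{
    uint64_t eff;

    if (cmd != SIOCBRADDBR_CMD && cmd != SIOCBRDELBR_CMD)
        return -EOPNOTSUPP;
    if (parse_cap_eff(status, &eff) != 0)
        return -EPERM; /* privileges unknown: deny */
    return (eff & (1ULL << CAP_NET_ADMIN_BIT)) ? 0 : -EPERM;
}

int main(void)
{
    printf("root: %d\n", bridge_ioctl_gate(SIOCBRADDBR_CMD, ROOT_STATUS));
    printf("user: %d\n", bridge_ioctl_gate(SIOCBRADDBR_CMD, USER_STATUS));
    return 0;
}
```

The same CapEff parsing can be pointed at real `/proc/<pid>/status` files to list which processes on a host would pass the check.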