git://git.onelab.eu / sliver-openvswitch.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ba1fd2) | patch
brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler
authorVivien Bernet-Rollande <vbr@soprive.net>
Thu, 16 Sep 2010 17:56:55 +0000 (10:56 -0700)
committerJesse Gross <jesse@nicira.com>
Thu, 16 Sep 2010 17:58:40 +0000 (10:58 -0700)
commitbbf4f269a391724d886f66b3661b10e5a434e2e8
tree7d77af98bc957d6fbb67e2d6122dd053b16b1188tree | snapshot
parent8ba1fd2fb9eb616ec028027e303c1664185c88e7commit | diff
brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler

This patch checks that the user calling ioctl() to create, delete, or
modify bridges has the CAP_NET_ADMIN capability. This prevents
unpriviledged users from modifying the bridge configuration through
brcompatd. The checks are actually the same performed in
net/bridge/br_ioctl.c by the Linux kernel.

Signed-off-by: Vivien Bernet-Rollande <vbr@soprive.net>
Signed-off-by: Jesse Gross <jesse@nicira.com>
datapath/brcompat.c diff | blob | history
sliver-openvswitch