| commit | 6f2a4ac36508d8984c1a6a9ef5d9c1c2c61485b9 | |
| author | Florian Westphal <fwestphal@astaro.com> | |
| Fri, 8 Jan 2010 16:31:24 +0000 (8 17:31 +0100) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Mon, 18 Jan 2010 18:28:48 +0000 (18 10:28 -0800) | ||
| tree | f1f7a21c8548c354edc99de7a2f8ac676883cd4b | treesnapshot (tar.gz zip) |
| parent | 87506bf2614e12d1cc4882613af0cb972aaa319a | commitdiff |
netfilter: ebtables: enforce CAP_NET_ADMIN
commit dce766af541f6605fa9889892c0280bab31c66ab upstream.
normal users are currently allowed to set/modify ebtables rules.
Restrict it to processes with CAP_NET_ADMIN.
Note that this cannot be reproduced with unmodified ebtables binary
because it uses SOCK_RAW.
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit dce766af541f6605fa9889892c0280bab31c66ab upstream.
normal users are currently allowed to set/modify ebtables rules.
Restrict it to processes with CAP_NET_ADMIN.
Note that this cannot be reproduced with unmodified ebtables binary
because it uses SOCK_RAW.
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| net/bridge/netfilter/ebtables.c | diffblobblamehistory |