]> nv-tegra.nvidia Code Review - linux-2.6.git/commit
Code Review / linux-2.6.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 05bdd2f) | patch
net: allow CAP_NET_RAW to set socket options IP{,V6}_TRANSPARENT
authorMaciej Żenczykowski <maze@google.com>
Thu, 20 Oct 2011 22:21:36 +0000 (18:21 -0400)
committerDavid S. Miller <davem@davemloft.net>
Thu, 20 Oct 2011 22:21:36 +0000 (18:21 -0400)
commit6cc7a765c2987f03ba278dac03c7cc759ee198e7
tree1afd1f5b4da65279b84aa5b74f9c69e8ad3f3b36tree | snapshot
parent05bdd2f14351176d368e8ddc67993690a2d1bfb6commit | diff
net: allow CAP_NET_RAW to set socket options IP{,V6}_TRANSPARENT

Up till now the IP{,V6}_TRANSPARENT socket options (which actually set
the same bit in the socket struct) have required CAP_NET_ADMIN
privileges to set or clear the option.

- we make clearing the bit not require any privileges.
- we allow CAP_NET_ADMIN to set the bit (as before this change)
- we allow CAP_NET_RAW to set this bit, because raw
  sockets already pretty much effectively allow you
  to emulate socket transparency.

Signed-off-by: Maciej Żenczykowski <maze@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/capability.h diff | blob | history
net/ipv4/ip_sockglue.c diff | blob | history
net/ipv6/ipv6_sockglue.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.