net/ipv6: Correct PIM6 mrt_lock handling
[firefly-linux-kernel-4.4.55.git]
/
net
/
sysctl_net.c
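--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -38,15 +38,24 @@ static int is_seen(struct ctl_table_set *set)
 }
 /* Return standard mode bits for table entry. */
-static int net_ctl_permissions(struct ctl_table_root *root,
- struct nsproxy *nsproxy,
+static int net_ctl_permissions(struct ctl_table_header *head,
 struct ctl_table *table)
 {
+ struct net *net = container_of(head->set, struct net, sysctls);
+ kuid_t root_uid = make_kuid(net->user_ns, 0);
+ kgid_t root_gid = make_kgid(net->user_ns, 0);
+
 /* Allow network administrator to have same access as root. */
- if (capable(CAP_NET_ADMIN)) {
+ if (ns_capable(net->user_ns, CAP_NET_ADMIN) ||
+ uid_eq(root_uid, current_euid())) {
 int mode = (table->mode >> 6) & 7;
 return (mode << 6) | (mode << 3) | mode;
 }
+ /* Allow netns root group to have the same access as the root group */
+ if (in_egroup_p(root_gid)) {
+ int mode = (table->mode >> 3) & 7;
+ return (mode << 3) | mode;
+ }
 return table->mode;
 }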
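Review bot: The comment above `net_ctl_permissions` still reads "Return standard mode bits for table entry", but the function now returns a mode that depends on the caller: the owner bits copied into all three classes for a holder of CAP_NET_ADMIN in `net->user_ns` or that namespace's uid 0, and the group bits copied into group and other for that namespace's gid 0. I would replace it with `/* Return the mode bits the caller may use: owner bits for netns root or CAP_NET_ADMIN in net->user_ns, group bits for the netns root group. */`. A short comment next to `make_kuid(net->user_ns, 0)` should also say what happens when id 0 has no mapping in that namespace; presumably the helpers return an invalid id and neither comparison matches, but the hunk does not show that. Because the capability is now tested against the namespace instead of globally, every table reachable through this handler has to be safe for a user-namespace root to write, and nothing in the visible lines restricts which tables those are.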