Quoting Eric Dumazet (eric.dumazet@xxxxxxxxx):
> Le mardi 12 juillet 2011 à 23:30 +0000, Serge Hallyn a écrit :
> > From: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> >
> > netlink_capable should check for permissions against the user
> > namespace owning the socket in question.
> >
> > Signed-off-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> > Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
> > ---
> > net/netlink/af_netlink.c | 11 +++++++++--
> > 1 files changed, 9 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
> > index 6ef64ad..81c1099 100644
> > --- a/net/netlink/af_netlink.c
> > +++ b/net/netlink/af_netlink.c
> > @@ -580,8 +580,15 @@ retry:
> >
> > static inline int netlink_capable(struct socket *sock, unsigned int flag)
> > {
> > - return (nl_table[sock->sk->sk_protocol].nl_nonroot & flag) ||
> > - capable(CAP_NET_ADMIN);
> > + struct net *net;
> > + if (nl_table[sock->sk->sk_protocol].nl_nonroot & flag)
> > + return 1;
> > +#ifdef CONFIG_NET_NS
> > + net = sock->sk->sk_net;
> > +#else
> > + net = &init_net;
> > +#endif
>
> This is really ugly, please use :
>
> net = sock_net(sk);
>
> And no more #ifdef
thanks, will do!
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
