Quoting Eric Dumazet (eric.dumazet@xxxxxxxxx):
> On Tuesday 12 July 2011 at 23:30 +0000, Serge Hallyn wrote:
> > From: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> >
> > netlink_capable should check for permissions against the user
> > namespace owning the socket in question.
> >
> > Signed-off-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> > Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
> > ---
> > net/netlink/af_netlink.c | 11 +++++++++--
> > 1 files changed, 9 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c > > index 6ef64ad..81c1099 100644 > > --- a/net/netlink/af_netlink.c > > +++ b/net/netlink/af_netlink.c > > @@ -580,8 +580,15 @@ retry: > > > > static inline int netlink_capable(struct socket *sock, unsigned int flag) > > { > > - return (nl_table[sock->sk->sk_protocol].nl_nonroot & flag) || > > - capable(CAP_NET_ADMIN); > > + struct net *net; > > + if (nl_table[sock->sk->sk_protocol].nl_nonroot & flag) > > + return 1; > > +#ifdef CONFIG_NET_NS > > + net = sock->sk->sk_net; > > +#else > > + net = &init_net; > > +#endif
>
> This is really ugly, please use:
>
> net = sock_net(sk);
>
> And no more #ifdef

thanks, will do!

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
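
Review bot: The #ifdef CONFIG_NET_NS / #else / #endif block after the nl_nonroot test open-codes the namespace lookup that sock_net() already hides behind one call. netlink_capable() only has `sock` in scope in the visible lines, so the replacement would be spelled `net = sock_net(sock->sk);`, with the three preprocessor lines dropped. A blank line between the `struct net *net;` declaration and the first `if` would also match kernel coding style. The quoted hunk stops at `+#endif`, so the check that replaces `capable(CAP_NET_ADMIN)` is not visible here; when the full patch is reviewed, confirm that it tests CAP_NET_ADMIN against the user namespace tied to `net`, as the commit message states, and that the nl_nonroot early return keeps the same semantics as the removed `||` expression.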