On Wed, Sep 21, 2011 at 11:02:38AM +0200, Steffen Klassert wrote:
> +
> +static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> +{
> + struct nlattr *attrs[CRYPTOCFGA_MAX+1];
> + struct crypto_link *link;
> + int type, err;
> +
> + type = nlh->nlmsg_type;
> + if (type > CRYPTO_MSG_MAX)
> + return -EINVAL;
> +
> + type -= CRYPTO_MSG_BASE;
> + link = &crypto_dispatch[type];
> +
> + if (security_netlink_recv(skb, CAP_NET_ADMIN))
> + return -EPERM;
> +
I'm just wondering whether CAP_NET_ADMIN is the right capability to
use here? Do you think we can keep it like that, or would it be better
to define a new CAP_CRYPTO_ADMIN capability?
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
