This is a note to let you know that I've just added the patch titled
netlink: Rename netlink_capable netlink_allowed
to the 3.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
netlink-rename-netlink_capable-netlink_allowed.patch
and it can be found in the queue-3.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Wed Jun 18 20:08:21 PDT 2014
From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Date: Wed, 23 Apr 2014 14:25:48 -0700
Subject: netlink: Rename netlink_capable netlink_allowed
From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
[ Upstream commit 5187cd055b6e81fc6526109456f8b20623148d5f ]
netlink_capable is a static internal function in af_netlink.c and we
have better uses for the name netlink_capable.
Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/netlink/af_netlink.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1219,7 +1219,7 @@ retry:
return err;
}
-static inline int netlink_capable(const struct socket *sock, unsigned int flag)
+static inline int netlink_allowed(const struct socket *sock, unsigned int flag)
{
return (nl_table[sock->sk->sk_protocol].flags & flag) ||
ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN);
@@ -1287,7 +1287,7 @@ static int netlink_bind(struct socket *s
/* Only superuser is allowed to listen multicasts */
if (nladdr->nl_groups) {
- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
+ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
return -EPERM;
err = netlink_realloc_groups(sk);
if (err)
@@ -1349,7 +1349,7 @@ static int netlink_connect(struct socket
return -EINVAL;
/* Only superuser is allowed to send multicasts */
- if (nladdr->nl_groups && !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
+ if (nladdr->nl_groups && !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
return -EPERM;
if (!nlk->portid)
@@ -1921,7 +1921,7 @@ static int netlink_setsockopt(struct soc
break;
case NETLINK_ADD_MEMBERSHIP:
case NETLINK_DROP_MEMBERSHIP: {
- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
+ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
return -EPERM;
err = netlink_realloc_groups(sk);
if (err)
@@ -2072,7 +2072,7 @@ static int netlink_sendmsg(struct kiocb
dst_group = ffs(addr->nl_groups);
err = -EPERM;
if ((dst_group || dst_portid) &&
- !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
+ !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
goto out;
} else {
dst_portid = nlk->dst_portid;
Patches currently in stable-queue which might be from ebiederm@xxxxxxxxxxxx are
queue-3.10/net-use-netlink_ns_capable-to-verify-the-permisions-of-netlink-messages.patch
queue-3.10/net-add-variants-of-capable-for-use-on-on-sockets.patch
queue-3.10/netlink-only-check-file-credentials-for-implicit-destinations.patch
queue-3.10/ima-introduce-ima_kernel_read.patch
queue-3.10/netlink-rename-netlink_capable-netlink_allowed.patch
queue-3.10/net-add-variants-of-capable-for-use-on-netlink-messages.patch
queue-3.10/net-move-the-permission-check-in-sock_diag_put_filterinfo-to-packet_diag_dump.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html