Restrict two generic netlink multicast groups - in the "psample" and "NET_DM" families - to be root-only with the appropriate capabilities. Patch #1 is a dependency of patch #2 which is needed by the actual fixes in patches #3 and #4. Florian Westphal (1): netlink: don't call ->netlink_bind with table lock held Ido Schimmel (3): genetlink: add CAP_NET_ADMIN test for multicast bind psample: Require 'CAP_NET_ADMIN' when joining "packets" group drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group include/net/genetlink.h | 3 +++ net/core/drop_monitor.c | 4 +++- net/netlink/af_netlink.c | 4 ++-- net/netlink/genetlink.c | 35 +++++++++++++++++++++++++++++++++++ net/psample/psample.c | 3 ++- 5 files changed, 45 insertions(+), 4 deletions(-) -- 2.40.1
