[ovs-discuss] [PATCH] brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler

Ben Pfaff blp at nicira.com
Wed Sep 15 16:43:55 UTC 2010


[Adding dev]

On Wed, Sep 15, 2010 at 02:33:51PM +0200, Vivien Bernet-Rollande wrote:
> 
> This patch checks that the user calling ioctl() to create, delete, or
> modify bridges has the CAP_NET_ADMIN capability. This prevents
> unpriviledged users from modifying the bridge configuration through
> brcompatd. The checks are actually the same performed in
> net/bridge/br_ioctl.c by the Linux kernel.

Thank you very much.  This looks good.  In Jesse's absence, I'm happy to
apply it, if I can have your Signed-off-by?




More information about the discuss mailing list