[ovs-discuss] [PATCH] brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler
blp at nicira.com
Wed Sep 15 16:43:55 UTC 2010
On Wed, Sep 15, 2010 at 02:33:51PM +0200, Vivien Bernet-Rollande wrote:
> This patch checks that the user calling ioctl() to create, delete, or
> modify bridges has the CAP_NET_ADMIN capability. This prevents
> unpriviledged users from modifying the bridge configuration through
> brcompatd. The checks are actually the same performed in
> net/bridge/br_ioctl.c by the Linux kernel.
Thank you very much. This looks good. In Jesse's absence, I'm happy to
apply it, if I can have your Signed-off-by?
More information about the discuss