[ovs-discuss] [ovs-dev] [PATCH] brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler
jesse at nicira.com
Thu Sep 16 18:05:33 UTC 2010
On Wed, Sep 15, 2010 at 9:43 AM, Ben Pfaff <blp at nicira.com> wrote:
> [Adding dev]
> On Wed, Sep 15, 2010 at 02:33:51PM +0200, Vivien Bernet-Rollande wrote:
>> This patch checks that the user calling ioctl() to create, delete, or
>> modify bridges has the CAP_NET_ADMIN capability. This prevents
>> unpriviledged users from modifying the bridge configuration through
>> brcompatd. The checks are actually the same performed in
>> net/bridge/br_ioctl.c by the Linux kernel.
> Thank you very much. This looks good. In Jesse's absence, I'm happy to
> apply it, if I can have your Signed-off-by?
Vivian provided a signed-off-by via private email so I applied this patch.
More information about the discuss