[ovs-discuss] [ovs-dev] [PATCH] brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler

Jesse Gross jesse at nicira.com
Thu Sep 16 18:05:33 UTC 2010


On Wed, Sep 15, 2010 at 9:43 AM, Ben Pfaff <blp at nicira.com> wrote:
> [Adding dev]
>
> On Wed, Sep 15, 2010 at 02:33:51PM +0200, Vivien Bernet-Rollande wrote:
>>
>> This patch checks that the user calling ioctl() to create, delete, or
>> modify bridges has the CAP_NET_ADMIN capability. This prevents
>> unpriviledged users from modifying the bridge configuration through
>> brcompatd. The checks are actually the same performed in
>> net/bridge/br_ioctl.c by the Linux kernel.
>
> Thank you very much.  This looks good.  In Jesse's absence, I'm happy to
> apply it, if I can have your Signed-off-by?

Vivian provided a signed-off-by via private email so I applied this patch.




More information about the discuss mailing list