ppp: allow usage in namespaces
Check for CAP_NET_ADMIN with ns_capable() instead of capable() to allow usage of ppp in user namespace other than the init one. Signed-off-by: Matteo Croce <mcroce@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Родитель
87e3de1e4e
Коммит
90e229ef61
|
@ -390,7 +390,7 @@ static int ppp_open(struct inode *inode, struct file *file)
|
|||
/*
|
||||
* This could (should?) be enforced by the permissions on /dev/ppp.
|
||||
*/
|
||||
if (!capable(CAP_NET_ADMIN))
|
||||
if (!ns_capable(file->f_cred->user_ns, CAP_NET_ADMIN))
|
||||
return -EPERM;
|
||||
return 0;
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче