ppp: allow usage in namespaces
Check for CAP_NET_ADMIN with ns_capable() instead of capable() to allow usage of ppp in user namespace other than the init one. Signed-off-by: Matteo Croce <mcroce@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Родитель
87e3de1e4e
Коммит
90e229ef61
|
@ -390,7 +390,7 @@ static int ppp_open(struct inode *inode, struct file *file)
|
||||||
/*
|
/*
|
||||||
* This could (should?) be enforced by the permissions on /dev/ppp.
|
* This could (should?) be enforced by the permissions on /dev/ppp.
|
||||||
*/
|
*/
|
||||||
if (!capable(CAP_NET_ADMIN))
|
if (!ns_capable(file->f_cred->user_ns, CAP_NET_ADMIN))
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Загрузка…
Ссылка в новой задаче