redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/net/ipv6
History
Eric W. Biederman dfc47ef863 net: Push capable(CAP_NET_ADMIN) into the rtnl methods 
- In rtnetlink_rcv_msg convert the capable(CAP_NET_ADMIN) check
  to ns_capable(net->user-ns, CAP_NET_ADMIN).  Allowing unprivileged
  users to make netlink calls to modify their local network
  namespace.

- In the rtnetlink doit methods add capable(CAP_NET_ADMIN) so
  that calls that are not safe for unprivileged users are still
  protected.

Later patches will remove the extra capable calls from methods
that are safe for unprivilged users.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2012-11-18 20:32:44 -05:00
..
netfilter Merge branch 'master' of git://1984.lsi.us.es/nf-next 2012-11-16 12:42:43 -05:00
Kconfig gre: Support GRE over IPv6 2012-08-14 14:28:32 -07:00
Makefile ipv6: Preserve ipv6 functionality needed by NET 2012-11-18 02:34:00 -05:00
addrconf.c net: Push capable(CAP_NET_ADMIN) into the rtnl methods 2012-11-18 20:32:44 -05:00
addrconf_core.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
addrlabel.c net: Push capable(CAP_NET_ADMIN) into the rtnl methods 2012-11-18 20:32:44 -05:00
af_inet6.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ah6.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
anycast.c ipv6: introduce ip6_rt_put() 2012-11-03 14:59:05 -04:00
datagram.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
esp6.c net: ipv6: fix error return code 2012-08-31 16:27:48 -04:00
exthdrs.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
exthdrs_core.c ipv6: Update ipv6 static library with newly needed functions 2012-11-15 17:39:23 -05:00
exthdrs_offload.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
fib6_rules.c ipv6: introduce ip6_rt_put() 2012-11-03 14:59:05 -04:00
icmp.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
inet6_connection_sock.c ipv6: use net->rt_genid to check dst validity 2012-09-18 15:57:03 -04:00
inet6_hashtables.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
ip6_fib.c ipv6: add support of equal cost multipath (ECMP) 2012-10-23 02:38:32 -04:00
ip6_flowlabel.c ipv6: move dereference after check in fl_free() 2012-08-16 16:04:42 -07:00
ip6_gre.c net: unify for_each_ip_tunnel_rcu() 2012-11-14 18:49:50 -05:00
ip6_input.c net: TCP early demux cleanup 2012-07-30 14:53:21 -07:00
ip6_offload.c net: Remove code duplication between offload structures 2012-11-15 17:39:51 -05:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c ipv6: Update ipv6 static library with newly needed functions 2012-11-15 17:39:23 -05:00
ip6_tunnel.c ip6tnl: fix sparse warnings in ip6_tnl_netlink_parms() 2012-11-15 13:46:29 -05:00
ip6mr.c sections: fix section conflicts in net 2012-10-06 03:04:45 +09:00
ipcomp6.c ipv6: Add redirect support to all protocol icmp error handlers. 2012-07-12 00:25:15 -07:00
ipv6_sockglue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-11-17 22:00:43 -05:00
mcast.c ipv6: introduce ip6_rt_put() 2012-11-03 14:59:05 -04:00
mip6.c ipv6: mip6: fix mip6_mh_filter() 2012-09-25 16:04:44 -04:00
ndisc.c ipv6: add knob to send unsolicited ND on link-layer address change 2012-11-13 14:27:45 -05:00
netfilter.c netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change 2012-08-30 03:00:15 +02:00
output_core.c ipv6: Update ipv6 static library with newly needed functions 2012-11-15 17:39:23 -05:00
proc.c net: ipv6: proc: Fix error handling 2012-08-14 14:45:07 -07:00
protocol.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
raw.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
reassembly.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
route.c net: Push capable(CAP_NET_ADMIN) into the rtnl methods 2012-11-18 20:32:44 -05:00
sit.c sit: fix sparse warnings 2012-11-15 13:46:29 -05:00
syncookies.c tcp: better retrans tracking for defer-accept 2012-11-03 14:45:00 -04:00
sysctl_net_ipv6.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
tcp_ipv6.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
tcpv6_offload.c net: Remove code duplication between offload structures 2012-11-15 17:39:51 -05:00
tunnel6.c net: ipv6: Standardize prefixes for message logging 2012-05-16 01:01:03 -04:00
udp.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp_offload.c ipv6: Fix build error with udp_offload 2012-11-15 22:48:32 -05:00
udplite.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_output.c xfrm6: remove unneeded NULL check in __xfrm6_output() 2012-02-01 02:52:48 -05:00
xfrm6_policy.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
xfrm6_state.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
xfrm6_tunnel.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00