diff options
author | Florian Westphal <fwestphal@astaro.com> | 2010-01-08 17:31:24 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-01-08 17:31:24 +0100 |
commit | dce766af541f6605fa9889892c0280bab31c66ab (patch) | |
tree | fd9a11a09bf038336429f33dc092333aa745edb1 /include/linux/memory.h | |
parent | aaff23a95aea5f000895f50d90e91f1e2f727002 (diff) | |
download | linux-stable-dce766af541f6605fa9889892c0280bab31c66ab.tar.gz linux-stable-dce766af541f6605fa9889892c0280bab31c66ab.tar.bz2 linux-stable-dce766af541f6605fa9889892c0280bab31c66ab.zip |
netfilter: ebtables: enforce CAP_NET_ADMIN
normal users are currently allowed to set/modify ebtables rules.
Restrict it to processes with CAP_NET_ADMIN.
Note that this cannot be reproduced with unmodified ebtables binary
because it uses SOCK_RAW.
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/linux/memory.h')
0 files changed, 0 insertions, 0 deletions