* [PATCH] ppp: allow usage in namespaces
@ 2017-10-27 18:08 Matteo Croce
2017-10-29 2:56 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Matteo Croce @ 2017-10-27 18:08 UTC (permalink / raw)
To: Paul Mackerras, linux-ppp, netdev; +Cc: David S . Miller
Check for CAP_NET_ADMIN with ns_capable() instead of capable()
to allow usage of ppp in user namespace other than the init one.
Signed-off-by: Matteo Croce <mcroce@redhat.com>
---
drivers/net/ppp/ppp_generic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 6566107cef84..af7f93ed1487 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -390,7 +390,7 @@ static int ppp_open(struct inode *inode, struct file *file)
/*
* This could (should?) be enforced by the permissions on /dev/ppp.
*/
- if (!capable(CAP_NET_ADMIN))
+ if (!ns_capable(file->f_cred->user_ns, CAP_NET_ADMIN))
return -EPERM;
return 0;
}
--
2.13.6
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] ppp: allow usage in namespaces
2017-10-27 18:08 [PATCH] ppp: allow usage in namespaces Matteo Croce
@ 2017-10-29 2:56 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2017-10-29 2:56 UTC (permalink / raw)
To: mcroce; +Cc: paulus, linux-ppp, netdev
From: Matteo Croce <mcroce@redhat.com>
Date: Fri, 27 Oct 2017 20:08:23 +0200
> Check for CAP_NET_ADMIN with ns_capable() instead of capable()
> to allow usage of ppp in user namespace other than the init one.
>
> Signed-off-by: Matteo Croce <mcroce@redhat.com>
Ok, applied to net-next.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-10-29 2:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-27 18:08 [PATCH] ppp: allow usage in namespaces Matteo Croce
2017-10-29 2:56 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).