net: Enable a userns root rtnl calls that are safe for unprivilged users (b51642f6) · Commits · e / devices / android_kernel_teracube_mt6765

net/bridge/br_netlink.c

+0 −3

Original line number	Diff line number	Diff line
		@@ -240,9 +240,6 @@ int br_setlink(struct net_device dev, struct nlmsghdr nlh)
		struct nlattr *tb[IFLA_BRPORT_MAX];
		int err;

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		ifm = nlmsg_data(nlh);

		protinfo = nlmsg_find_attr(nlh, sizeof(*ifm), IFLA_PROTINFO);

+0 −6

Original line number	Diff line number	Diff line
		@@ -275,9 +275,6 @@ static int fib_nl_newrule(struct sk_buff skb, struct nlmsghdr nlh, void *arg)
		struct nlattr *tb[FRA_MAX+1];
		int err = -EINVAL, unresolved = 0;

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh)))
		goto errout;

		@@ -427,9 +424,6 @@ static int fib_nl_delrule(struct sk_buff skb, struct nlmsghdr nlh, void *arg)
		struct nlattr *tb[FRA_MAX+1];
		int err = -EINVAL;

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh)))
		goto errout;

+0 −9

Original line number	Diff line number	Diff line
		@@ -1620,9 +1620,6 @@ static int neigh_delete(struct sk_buff skb, struct nlmsghdr nlh, void *arg)
		struct net_device *dev = NULL;
		int err = -EINVAL;

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		ASSERT_RTNL();
		if (nlmsg_len(nlh) < sizeof(*ndm))
		goto out;
		@@ -1687,9 +1684,6 @@ static int neigh_add(struct sk_buff skb, struct nlmsghdr nlh, void *arg)
		struct net_device *dev = NULL;
		int err;

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		ASSERT_RTNL();
		err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
		if (err < 0)
		@@ -1968,9 +1962,6 @@ static int neightbl_set(struct sk_buff skb, struct nlmsghdr nlh, void *arg)
		struct nlattr *tb[NDTA_MAX+1];
		int err;

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		err = nlmsg_parse(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
		nl_neightbl_policy);
		if (err < 0)

+4 −9

Original line number	Diff line number	Diff line
		@@ -1316,6 +1316,10 @@ static int do_setlink(struct net_device dev, struct ifinfomsg ifm,
		err = PTR_ERR(net);
		goto errout;
		}
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
		err = -EPERM;
		goto errout;
		}
		err = dev_change_net_namespace(dev, net, ifname);
		put_net(net);
		if (err)
		@@ -1547,9 +1551,6 @@ static int rtnl_setlink(struct sk_buff skb, struct nlmsghdr nlh, void *arg)
		struct nlattr *tb[IFLA_MAX+1];
		char ifname[IFNAMSIZ];

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFLA_MAX, ifla_policy);
		if (err < 0)
		goto errout;
		@@ -1593,9 +1594,6 @@ static int rtnl_dellink(struct sk_buff skb, struct nlmsghdr nlh, void *arg)
		int err;
		LIST_HEAD(list_kill);

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFLA_MAX, ifla_policy);
		if (err < 0)
		return err;
		@@ -1726,9 +1724,6 @@ static int rtnl_newlink(struct sk_buff skb, struct nlmsghdr nlh, void *arg)
		struct nlattr *linkinfo[IFLA_INFO_MAX+1];
		int err;

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		#ifdef CONFIG_MODULES
		replay:
		#endif

+0 −6

Original line number	Diff line number	Diff line
		@@ -539,9 +539,6 @@ static int inet_rtm_deladdr(struct sk_buff skb, struct nlmsghdr nlh, void *arg

		ASSERT_RTNL();

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv4_policy);
		if (err < 0)
		goto errout;
		@@ -649,9 +646,6 @@ static int inet_rtm_newaddr(struct sk_buff skb, struct nlmsghdr nlh, void *arg

		ASSERT_RTNL();

		if (!capable(CAP_NET_ADMIN))
		return -EPERM;

		ifa = rtm_to_ifaddr(net, nlh);
		if (IS_ERR(ifa))
		return PTR_ERR(ifa);