This reverts commit 52b6df12cf62fc92edadcec3860f6418d4d8333e.
Signed-off-by: Andrew Vagin <ava...@openvz.org>
---
 net/bridge/br_ioctl.c | 33 +++++++++++----------------------
 net/core/dev_ioctl.c | 8 ++++----
 2 files changed, 15 insertions(+), 26 deletions(-)
diff --git a/net/bridge/br_ioctl.c b/net/bridge/br_ioctl.c
index 45c4c22..98447b8 100644
--- a/net/bridge/br_ioctl.c
+++ b/net/bridge/br_ioctl.c
@@ -89,8 +89,7 @@ static int add_del_if(struct net_bridge *br, int ifindex, int isadd)
 struct net_device *dev;
 int ret;
- if (!ns_capable(net->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(net->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 dev = __dev_get_by_index(net, ifindex);
@@ -180,29 +179,25 @@ static int old_dev_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
 }
 case BRCTL_SET_BRIDGE_FORWARD_DELAY:
- if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(dev_net(dev)->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 return br_set_forward_delay(br, args[1]);
 case BRCTL_SET_BRIDGE_HELLO_TIME:
- if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(dev_net(dev)->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 return br_set_hello_time(br, args[1]);
 case BRCTL_SET_BRIDGE_MAX_AGE:
- if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(dev_net(dev)->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 return br_set_max_age(br, args[1]);
 case BRCTL_SET_AGEING_TIME:
- if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(dev_net(dev)->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 br->ageing_time = clock_t_to_jiffies(args[1]);
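Review bot: The privilege gate `ns_capable(net->user_ns, CAP_NET_ADMIN)` in add_del_if is open-coded again in every privileged case of old_dev_ioctl and in old_deviceless and br_ioctl_deviceless_stub in the following hunks. A policy change therefore has to edit eleven sites by hand, and one missed site would leave the bridge ioctls with inconsistent privilege requirements. A single file-local helper, for example `static bool br_net_admin(struct net *net) { return ns_capable(net->user_ns, CAP_NET_ADMIN); }` (the name is only a suggestion), called from each site would keep the policy in one place. add_del_if starts and ends outside this hunk.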
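Review bot: In the BRCTL_SET_AGEING_TIME case the capability check is the only thing the hunk shows between the caller's `args[1]` and the store `br->ageing_time = clock_t_to_jiffies(args[1]);`, while the three cases above it hand their value to br_set_forward_delay(), br_set_hello_time() and br_set_max_age(). If those helpers range-check or take the bridge lock (not visible here), the ageing time deserves the same treatment. Otherwise a comment such as `/* no bounds check: any clock_t is accepted from a CAP_NET_ADMIN caller */` should state that the omission is deliberate. The case body continues past the end of the hunk, so a later check cannot be ruled out.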
@@ -242,16 +237,14 @@ static int old_dev_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
 }
 case BRCTL_SET_BRIDGE_STP_STATE:
- if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(dev_net(dev)->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 br_stp_set_enabled(br, args[1]);
 return 0;
 case BRCTL_SET_BRIDGE_PRIORITY:
- if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(dev_net(dev)->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 spin_lock_bh(&br->lock);
@@ -264,8 +257,7 @@ static int old_dev_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
 struct net_bridge_port *p;
 int ret;
- if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(dev_net(dev)->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 spin_lock_bh(&br->lock);
@@ -282,8 +274,7 @@ static int old_dev_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
 struct net_bridge_port *p;
 int ret;
- if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(dev_net(dev)->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 spin_lock_bh(&br->lock);
@@ -340,8 +331,7 @@ static int old_deviceless(struct net *net, void __user *uarg)
 {
 char buf[IFNAMSIZ];
- if (!ns_capable(net->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(net->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 if (copy_from_user(buf, (void __user *)args[1], IFNAMSIZ))
@@ -374,8 +364,7 @@ int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __user *uar
 {
 char buf[IFNAMSIZ];
- if (!ns_capable(net->user_ns, CAP_NET_ADMIN) &&
- !ns_capable(net->user_ns, CAP_VE_NET_ADMIN))
+ if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
 return -EPERM;
 if (copy_from_user(buf, uarg, IFNAMSIZ))
diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index 021681b..77df687 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -502,13 +502,9 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
 * - do not return a value
 */
 case SIOCSIFMAP:
- case SIOCSIFSLAVE:
 case SIOCSIFMTU:
 case SIOCSIFHWADDR:
 case SIOCSIFFLAGS:
- case SIOCSIFMETRIC:
- case SIOCBRADDIF:
- case SIOCBRDELIF:
 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) &&
 !ns_capable(net->user_ns, CAP_VE_NET_ADMIN))
 return -EPERM;
@@ -518,6 +514,8 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
 rtnl_unlock();
 return ret;
+ case SIOCSIFMETRIC:
+ case SIOCSIFSLAVE:
 case SIOCADDMULTI:
 case SIOCDELMULTI:
 case SIOCSIFHWBROADCAST:
@@ -526,6 +524,8 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
 case SIOCBONDRELEASE:
 case SIOCBONDSETHWADDR:
 case SIOCBONDCHANGEACTIVE:
+ case SIOCBRADDIF:
+ case SIOCBRDELIF:
 case SIOCSHWTSTAMP:
 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
 return -EPERM;
--
1.7.1
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
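Review bot: After this change dev_ioctl has two adjacent case groups with different privilege rules and nothing in the code says why. SIOCSIFMAP, SIOCSIFMTU, SIOCSIFHWADDR and SIOCSIFFLAGS still pass with `CAP_VE_NET_ADMIN`, while SIOCSIFMETRIC, SIOCSIFSLAVE, SIOCBRADDIF and SIOCBRDELIF (re-added in the two later hunks) require `CAP_NET_ADMIN`. A comment above the first check, e.g. `/* CAP_VE_NET_ADMIN is accepted for these four commands only; new commands belong in the CAP_NET_ADMIN group below */`, would stop a future case label from landing in the more permissive group by accident. The switch in dev_ioctl starts and ends outside these hunks.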