From b51642f6d77b131dc85d1d71029c3cbb5b07c262 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Fri, 16 Nov 2012 03:03:11 +0000
Subject: net: Enable a userns root rtnl calls that are safe for unprivileged
 users

- Only allow moving network devices to network namespaces you have
  CAP_NET_ADMIN privileges over.

- Enable creating/deleting/modifying interfaces
- Enable adding/deleting addresses
- Enable adding/setting/deleting neighbour entries
- Enable adding/removing routes
- Enable adding/removing fib rules
- Enable setting the forwarding state
- Enable adding/removing ipv6 address labels
- Enable setting bridge parameter

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 net/bridge/br_netlink.c | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'net/bridge')

diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 49e14937019..65429b99a2a 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -240,9 +240,6 @@ int br_setlink(struct net_device *dev, struct nlmsghdr *nlh)
 	struct nlattr *tb[IFLA_BRPORT_MAX];
 	int err;
 
-	if (!capable(CAP_NET_ADMIN))
-		return -EPERM;
-
 	ifm = nlmsg_data(nlh);
 
 	protinfo = nlmsg_find_attr(nlh, sizeof(*ifm), IFLA_PROTINFO);
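Review bot: br_setlink() is left with no permission check of its own once `if (!capable(CAP_NET_ADMIN))` / `return -EPERM;` is dropped at the top of the function, and nothing in this net/bridge-only view shows what gates the path instead. The commit message says the intent is to let a user-namespace root set bridge parameters, so the check that matters now has to be a namespace-scoped CAP_NET_ADMIN test made by whatever dispatches to br_setlink() before it is called. Please confirm that every caller of br_setlink() performs that check against the user namespace owning the device's network namespace, and add a short comment above `ifm = nlmsg_data(nlh);` stating that the caller is responsible for the capability check, so a future direct caller does not reach the IFLA_PROTINFO parsing unprivileged.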
-- 
cgit v1.2.3-18-g5258