From: Florian Westphal <fwestphal@astaro.com>
Date: Fri, 8 Jan 2010 16:31:24 +0000 (+0100)
Subject: netfilter: ebtables: enforce CAP_NET_ADMIN
X-Git-Tag: v2.6.33-rc4~10^2~4^2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dce766af541f6605fa9889892c0280bab31c66ab;p=pandora-kernel.git

netfilter: ebtables: enforce CAP_NET_ADMIN

normal users are currently allowed to set/modify ebtables rules.
Restrict it to processes with CAP_NET_ADMIN.

Note that this cannot be reproduced with unmodified ebtables binary
because it uses SOCK_RAW.

Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
---

Reading git-diff-tree failed