From: Florian Westphal <fwestphal@astaro.com>
Date: Fri, 8 Jan 2010 16:31:24 +0000 (+0100)
Subject: netfilter: ebtables: enforce CAP_NET_ADMIN
X-Git-Tag: v2.6.27.44~5
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f21c582a940198ef810e7744c9f91cdafd1a6ed5;p=pandora-kernel.git

netfilter: ebtables: enforce CAP_NET_ADMIN

commit dce766af541f6605fa9889892c0280bab31c66ab upstream.

normal users are currently allowed to set/modify ebtables rules.
Restrict it to processes with CAP_NET_ADMIN.

Note that this cannot be reproduced with unmodified ebtables binary
because it uses SOCK_RAW.

Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

Reading git-diff-tree failed