From ed77de9fc69076e6e7c85edf7c1b70650f53121a Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@netfilter.org>
Date: Wed, 9 Nov 2005 13:02:16 -0800
Subject: [PATCH] [NETFILTER] nfnetlink: only load subsystems if CAP_NET_ADMIN
 is set

Without this patch, any user can cause nfnetlink subsystems to be
autoloaded.  Those subsystems however could add significant processing
overhead to packet processing, and would refuse any configuration messages
from non-CAP_NET_ADMIN processes anyway.

This patch follows a suggestion from Patrick McHardy.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
Reading git-format-patch failed