• Eric W. Biederman's avatar
    net: Allow userns root to control the network bridge code. · cb990503
    Eric W. Biederman authored
    Allow an unpriviled user who has created a user namespace, and then
    created a network namespace to effectively use the new network
    namespace, by reducing capable(CAP_NET_ADMIN) and
    capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
    CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
    
    Allow setting bridge paramters via sysfs.
    
    Allow all of the bridge ioctls:
    BRCTL_ADD_IF
    BRCTL_DEL_IF
    BRCTL_SET_BRDIGE_FORWARD_DELAY
    BRCTL_SET_BRIDGE_HELLO_TIME
    BRCTL_SET_BRIDGE_MAX_AGE
    BRCTL_SET_BRIDGE_AGING_TIME
    BRCTL_SET_BRIDGE_STP_STATE
    BRCTL_SET_BRIDGE_PRIORITY
    BRCTL_SET_PORT_PRIORITY
    BRCTL_SET_PATH_COST
    BRCTL_ADD_BRIDGE
    BRCTL_DEL_BRDIGE
    Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    cb990503
br_ioctl.c 8.93 KB