From patchwork Fri Feb 1 02:30:59 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gao feng
X-Patchwork-Id: 217336
X-Patchwork-Delegate: davem@davemloft.net
From: Gao feng
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, containers@lists.linux-foundation.org, ebiederm@xmission.com, serge@hallyn.com, pablo@netfilter.org, amwang@redhat.com, Gao feng
Subject: [PATCH net-next 3/4] netns: bridge: allow unprivileged users add/delete mdb entry
Date: Fri, 1 Feb 2013 10:30:59 +0800
Message-Id: <1359685860-29636-3-git-send-email-gaofeng@cn.fujitsu.com>
X-Mailer: git-send-email 1.7.11.7
In-Reply-To: <1359685860-29636-1-git-send-email-gaofeng@cn.fujitsu.com>
References: <1359685860-29636-1-git-send-email-gaofeng@cn.fujitsu.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org

Since the mdb table belongs to the bridge device, and the bridge device can only be seen in one netns, it's safe to allow an unprivileged user who is the creator of the userns and netns to modify the mdb table.

Signed-off-by: Gao feng

--- net/bridge/br_mdb.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c index acc9f4c..38991e0 100644 --- a/net/bridge/br_mdb.c +++ b/net/bridge/br_mdb.c @@ -272,9 +272,6 @@ static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh, struct net_device *dev; int err; - if (!capable(CAP_NET_ADMIN)) - return -EPERM; - err = nlmsg_parse(nlh, sizeof(*bpm), tb, MDBA_SET_ENTRY, NULL); if (err < 0) return err;
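
Review bot: In br_mdb_parse(), the hunk deletes the capable(CAP_NET_ADMIN) test outright instead of narrowing it, so within the visible lines nothing checks the caller's privilege before nlmsg_parse() and the mdb add/delete handling that follows. The commit message intends access for the creator of the userns and netns, which is a narrower grant than having no check in this function. If a caller already enforces CAP_NET_ADMIN against the netns's user namespace, name that call site in the commit message; otherwise replace the test with a namespace-scoped one such as `if (!ns_capable(sock_net(skb->sk)->user_ns, CAP_NET_ADMIN)) return -EPERM;` so that a user without the capability in the owning user namespace still gets -EPERM.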