tproxy: Add missing CAP_NET_ADMIN check to ipv6 side

author Balazs Scheidler <bazsi@balabit.hu>

Sat, 23 Oct 2010 04:48:14 +0000 (04:48 +0000)

committer David S. Miller <davem@davemloft.net>

Sun, 24 Oct 2010 23:07:50 +0000 (16:07 -0700)
author Balazs Scheidler <bazsi@balabit.hu>
Sat, 23 Oct 2010 04:48:14 +0000 (04:48 +0000)
committer David S. Miller <davem@davemloft.net>
Sun, 24 Oct 2010 23:07:50 +0000 (16:07 -0700)
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c

index 0553867..d1770e0 100644 (file)
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -343,6 +343,10 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
                 break;
  
         case IPV6_TRANSPARENT:
+               if (!capable(CAP_NET_ADMIN)) {
+                       retv = -EPERM;
+                       break;
+               }
                 if (optlen < sizeof(int))
                         goto e_inval;
                 /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */
author	Balazs Scheidler <bazsi@balabit.hu>
	Sat, 23 Oct 2010 04:48:14 +0000 (04:48 +0000)
committer	David S. Miller <davem@davemloft.net>
	Sun, 24 Oct 2010 23:07:50 +0000 (16:07 -0700)