Commit b889416b authored by Balazs Scheidler's avatar Balazs Scheidler Committed by David S. Miller

tproxy: Add missing CAP_NET_ADMIN check to ipv6 side

IP_TRANSPARENT requires root (more precisely CAP_NET_ADMIN privielges)
for IPV6.

However as I see right now this check was missed from the IPv6
implementation.
Acked-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0561cf3d
...@@ -343,6 +343,10 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, ...@@ -343,6 +343,10 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
break; break;
case IPV6_TRANSPARENT: case IPV6_TRANSPARENT:
if (!capable(CAP_NET_ADMIN)) {
retv = -EPERM;
break;
}
if (optlen < sizeof(int)) if (optlen < sizeof(int))
goto e_inval; goto e_inval;
/* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */ /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment