kernel-ark/net/bridge
Florian Westphal dce766af54 netfilter: ebtables: enforce CAP_NET_ADMIN
normal users are currently allowed to set/modify ebtables rules.
Restrict it to processes with CAP_NET_ADMIN.

Note that this cannot be reproduced with unmodified ebtables binary
because it uses SOCK_RAW.

Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-01-08 17:31:24 +01:00
..
netfilter netfilter: ebtables: enforce CAP_NET_ADMIN 2010-01-08 17:31:24 +01:00
br_device.c bridge: Allow enable/disable UFO on bridge device via ethtool 2009-10-07 22:00:24 -07:00
br_fdb.c net: Move && and || to end of previous line 2009-11-29 16:55:45 -08:00
br_forward.c net/bridge: Add 'hairpin' port forwarding mode 2009-08-13 16:26:11 -07:00
br_if.c cfg80211: disallow bridging managed/adhoc interfaces 2009-11-19 11:08:54 -05:00
br_input.c bridge: relay bridge multicast pkgs if !STP 2009-05-17 21:12:54 -07:00
br_ioctl.c bridge: remove dev_put() in add_del_if() 2009-11-05 22:34:16 -08:00
br_netfilter.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
br_netlink.c netlink: change nlmsg_notify() return value logic 2009-02-24 23:18:28 -08:00
br_notify.c netns bridge: allow bridges in netns! 2008-09-08 16:19:58 -07:00
br_private_stp.h net: remove CVS keywords 2008-06-11 21:00:38 -07:00
br_private.h netdev: convert pseudo-devices to netdev_tx_t 2009-09-01 01:13:07 -07:00
br_stp_bpdu.c netns bridge: allow bridges in netns! 2008-09-08 16:19:58 -07:00
br_stp_if.c bridge: make bridge address settings sticky 2008-06-17 16:10:06 -07:00
br_stp_timer.c net: remove CVS keywords 2008-06-11 21:00:38 -07:00
br_stp.c net: mark read-only arrays as const 2009-08-05 10:42:58 -07:00
br_sysfs_br.c net: Move && and || to end of previous line 2009-11-29 16:55:45 -08:00
br_sysfs_if.c net/bridge: Add 'hairpin' port forwarding mode 2009-08-13 16:26:11 -07:00
br.c bridge: Use rcu_barrier() instead of syncronize_net() on unload. 2009-06-26 13:51:32 -07:00
Kconfig bridge: Use STP demux 2008-07-05 21:25:56 -07:00
Makefile