From: Eric W. Biederman
Date: Thu, 26 Feb 2015 22:20:07 +0000 (-0600)
Subject: net: Verify permission to link_net in newlink
X-Git-Tag: v4.0-rc3~25^2~25
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=06615bed60c1fb7c37adddb75bdc80da873b5edb;p=tomoyo%2Ftomoyo-test1.git

net: Verify permission to link_net in newlink

When applicable verify that the caller has permission to the underlying network namespace for a newly created network device.

Similar checks exist for the network namespace a network device will be created in.

Fixes: 317f4810e45e ("rtnl: allow to create device with IFLA_LINK_NETNSID set")
Signed-off-by: "Eric W. Biederman"
Acked-by: Nicolas Dichtel
Signed-off-by: David S. Miller
---
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index b237959c7497..2c49355d16c2 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -2134,6 +2134,9 @@ replay: err = -EINVAL; goto out; } + err = -EPERM; + if (!netlink_ns_capable(skb, link_net->user_ns, CAP_NET_ADMIN)) + goto out; } dev = rtnl_create_link(link_net ? : dest_net, ifname,
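
Review bot: in the added lines of the @@ -2134,6 +2134,9 @@ hunk, `err = -EPERM;` is assigned before the `netlink_ns_capable()` test, so err is still -EPERM when the check passes and execution falls through to `rtnl_create_link(...)`. Any later path that reaches `out` without reassigning err would then report a permission failure to a caller that actually holds CAP_NET_ADMIN over `link_net->user_ns`. Assigning the error inside the failing branch, for example `if (!netlink_ns_capable(...)) { err = -EPERM; goto out; }`, removes that dependency on later code. Separately, this `goto out` is taken with link_net non-NULL, unlike the -EINVAL exit just above it in the context; the `out` label is outside the visible hunk, so it is worth confirming that it cleans up link_net on this path. A short comment stating that the check is against the user namespace owning link_net, mirroring the existing check for the destination namespace mentioned in the commit message, would help readers of this function.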