Thread (22 messages) 22 messages, 7 authors, 2011-10-20

Re: [PATCH] net: allow CAP_NET_RAW to set socket options IP{,V6}_TRANSPARENT

From: David Miller <davem@davemloft.net>
Date: 2011-10-20 22:22:20 

From: Maciej Żenczykowski <redacted>
Date: Thu, 20 Oct 2011 15:10:14 -0700

From: Maciej Żenczykowski <redacted>

Up till now the IP{,V6}_TRANSPARENT socket options (which actually set
the same bit in the socket struct) have required CAP_NET_ADMIN
privileges to set or clear the option.

- we make clearing the bit not require any privileges.
- we allow CAP_NET_ADMIN to set the bit (as before this change)
- we allow CAP_NET_RAW to set this bit, because raw
  sockets already pretty much effectively allow you
  to emulate socket transparency.

Signed-off-by: Maciej Żenczykowski <redacted>
Applied, thanks.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help