netns: bridge: allow unprivileged users add/delete mdb entry
authorGao feng <gaofeng@cn.fujitsu.com>
Thu, 31 Jan 2013 16:30:59 +0000 (16:30 +0000)
committerDavid S. Miller <davem@davemloft.net>
Mon, 4 Feb 2013 18:12:16 +0000 (13:12 -0500)
since the mdb table is belong to bridge device,and the
bridge device can only be seen in one netns.
So it's safe to allow unprivileged user which is the
creator of userns and netns to modify the mdb table.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/bridge/br_mdb.c

index acc9f4c..38991e0 100644 (file)
@@ -272,9 +272,6 @@ static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh,
        struct net_device *dev;
        int err;
 
-       if (!capable(CAP_NET_ADMIN))
-               return -EPERM;
-
        err = nlmsg_parse(nlh, sizeof(*bpm), tb, MDBA_SET_ENTRY, NULL);
        if (err < 0)
                return err;