Skip to content
Commit dce766af authored by Florian Westphal's avatar Florian Westphal Committed by Patrick McHardy
Browse files

netfilter: ebtables: enforce CAP_NET_ADMIN 



normal users are currently allowed to set/modify ebtables rules.
Restrict it to processes with CAP_NET_ADMIN.

Note that this cannot be reproduced with unmodified ebtables binary
because it uses SOCK_RAW.

Signed-off-by: default avatarFlorian Westphal <fwestphal@astaro.com>
Cc: stable@kernel.org
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent aaff23a9
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment