tproxy: Add missing CAP_NET_ADMIN check to ipv6 side

IP_TRANSPARENT requires root (more precisely CAP_NET_ADMIN privielges) for IPV6. However as I see right now this check was missed from the IPv6 implementation. Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
git-mirror · Oct 24, 2010 · b889416 · b889416
1 parent 0561cf3
commit b889416
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
@@ -343,6 +343,10 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
 		break;
 
 	case IPV6_TRANSPARENT:
+		if (!capable(CAP_NET_ADMIN)) {
+			retv = -EPERM;
+			break;
+		}
 		if (optlen < sizeof(int))
 			goto e_inval;
 		/* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */