[Devel] [PATCH RH7] net: allow SO_RCVBUFFORCE with CAP_VE_NET_ADMIN

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Fri Jul 10 07:27:54 PDT 2015


allows overriding of sysctl rmem_max limit for socket receive buffer in
CT, need it to start udevd in Centos6 CTs without NET_ADMIN capability.
https://jira.sw.ru/browse/PSBM-34741

Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 net/core/sock.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/sock.c b/net/core/sock.c
index 03f4b23..f1a99a5 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -722,7 +722,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
 		break;
 
 	case SO_RCVBUFFORCE:
-		if (!capable(CAP_NET_ADMIN)) {
+		if (!capable(CAP_NET_ADMIN) && !capable(CAP_VE_NET_ADMIN)) {
 			ret = -EPERM;
 			break;
 		}
-- 
1.9.3




More information about the Devel mailing list