[Devel] [PATCH RH7 2/3] rtnl: allow move network devices into network namespace in CT
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Tue Jun 30 05:17:53 PDT 2015
need this for docker bridged networking, as we will not allow
CAP_SYS_ADMIN in container.

* after switching to user namespaces we won't need this patch

fixes error:

  ip link add veth0 type veth peer name veth1
  ip netns add ns1
  ip link set veth1 netns ns1
  RTNETLINK answers: Operation not permitted

https://jira.sw.ru/browse/PSBM-34523
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
net/core/rtnetlink.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index c50ea72..61facec 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1354,7 +1354,8 @@ static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
err = PTR_ERR(net);
goto errout;
}
- if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
+ if (!ns_capable(net->user_ns, CAP_NET_ADMIN) &&
+ !ns_capable(net->user_ns, CAP_VE_NET_ADMIN)) {
err = -EPERM;
goto errout;
}
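Review bot: the relaxed permission check in do_setlink() carries no comment saying why CAP_VE_NET_ADMIN is accepted next to CAP_NET_ADMIN, while the commit message says the patch stops being needed after the switch to user namespaces; add a short comment above the `if` marking it as a temporary container-only relaxation so it is dropped at that point. Both ns_capable() calls are evaluated against net->user_ns, the user namespace of the target net namespace, so the changelog should state why holding CAP_VE_NET_ADMIN inside a CT cannot satisfy this check for a net namespace that belongs outside that CT. The commit message also refers to CAP_SYS_ADMIN whereas the check changed here is on CAP_NET_ADMIN; one sentence connecting the two would make the motivation easier to follow.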
--
1.9.3