1
linux/net/netfilter/ipset
Eric W. Biederman df008c91f8 net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.

Allow creation of af_key sockets.
Allow creation of llc sockets.
Allow creation of af_packet sockets.

Allow sending xfrm netlink control messages.

Allow binding to netlink multicast groups.
Allow sending to netlink multicast groups.
Allow adding and dropping netlink multicast groups.
Allow sending to all netlink multicast groups and port ids.

Allow reading the netfilter SO_IP_SET socket option.
Allow sending netfilter netlink messages.
Allow setting and getting ip_vs netfilter socket options.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-18 20:32:45 -05:00
..
ip_set_bitmap_ip.c netfilter: ipset: Include supported revisions in module description 2012-09-22 22:44:24 +02:00
ip_set_bitmap_ipmac.c netfilter: ipset: Coding style fixes 2012-09-22 22:44:29 +02:00
ip_set_bitmap_port.c netfilter: ipset: Include supported revisions in module description 2012-09-22 22:44:24 +02:00
ip_set_core.c net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm 2012-11-18 20:32:45 -05:00
ip_set_getport.c netfilter: ipset: use NFPROTO_ constants 2012-03-07 17:40:29 +01:00
ip_set_hash_ip.c netfilter: ipset: Include supported revisions in module description 2012-09-22 22:44:24 +02:00
ip_set_hash_ipport.c netfilter: ipset: Include supported revisions in module description 2012-09-22 22:44:24 +02:00
ip_set_hash_ipportip.c netfilter: ipset: Include supported revisions in module description 2012-09-22 22:44:24 +02:00
ip_set_hash_ipportnet.c netfilter: ipset: Support to match elements marked with "nomatch" 2012-09-22 22:44:34 +02:00
ip_set_hash_net.c netfilter: ipset: Support to match elements marked with "nomatch" 2012-09-22 22:44:34 +02:00
ip_set_hash_netiface.c netfilter: ipset: Support to match elements marked with "nomatch" 2012-09-22 22:44:34 +02:00
ip_set_hash_netport.c netfilter: ipset: Support to match elements marked with "nomatch" 2012-09-22 22:44:34 +02:00
ip_set_list_set.c netfilter: ipset: Include supported revisions in module description 2012-09-22 22:44:24 +02:00
Kconfig netfilter: ipset: hash:net,iface type introduced 2011-06-16 19:00:48 +02:00
Makefile netfilter: ipset: hash:net,iface type introduced 2011-06-16 19:00:48 +02:00
pfxlen.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00