diff options
| author | Eric Paris <eparis@redhat.com> | 2012-01-03 12:25:16 -0500 |
|---|---|---|
| committer | Ziyan <jaraidaniel@gmail.com> | 2016-03-11 01:10:38 +0100 |
| commit | 3a279b3c70ce1eab679130d6fc8b8dd8f4345109 (patch) | |
| tree | f5c7bd7606cb087f613053cc074a3dc8dffc6555 /net/xfrm | |
| parent | 7c175efb67473b6328afeb7c6a3181d38fd12f84 (diff) | |
| download | kernel_samsung_tuna-3a279b3c70ce1eab679130d6fc8b8dd8f4345109.zip kernel_samsung_tuna-3a279b3c70ce1eab679130d6fc8b8dd8f4345109.tar.gz kernel_samsung_tuna-3a279b3c70ce1eab679130d6fc8b8dd8f4345109.tar.bz2 | |
security: remove the security_netlink_recv hook as it is equivalent to capable()
Once upon a time netlink was not sync and we had to get the effective
capabilities from the skb that was being received. Today we instead get
the capabilities from the current task. This has rendered the entire
purpose of the hook moot as it is now functionally equivalent to the
capable() call.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'net/xfrm')
| -rw-r--r-- | net/xfrm/xfrm_user.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 9bbe858..e0349ea 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -2317,7 +2317,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) link = &xfrm_dispatch[type]; /* All operations require privileges, even GET */ - if (security_netlink_recv(skb, CAP_NET_ADMIN)) + if (!capable(CAP_NET_ADMIN)) return -EPERM; if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || |