linux/net/netfilter/ipvs
Eric W. Biederman df008c91f8 net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.

Allow creation of af_key sockets.
Allow creation of llc sockets.
Allow creation of af_packet sockets.

Allow sending xfrm netlink control messages.

Allow binding to netlink multicast groups.
Allow sending to netlink multicast groups.
Allow adding and dropping netlink multicast groups.
Allow sending to all netlink multicast groups and port ids.

Allow reading the netfilter SO_IP_SET socket option.
Allow sending netfilter netlink messages.
Allow setting and getting ip_vs netfilter socket options.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-18 20:32:45 -05:00
..
ip_vs_app.c ipvs: generalize app registration in netns 2012-08-10 10:34:51 +09:00
ip_vs_conn.c ipvs: API change to avoid rescan of IPv6 exthdr 2012-09-28 11:34:33 +09:00
ip_vs_core.c ipvs: API change to avoid rescan of IPv6 exthdr 2012-09-28 11:34:33 +09:00
ip_vs_ctl.c net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm 2012-11-18 20:32:45 -05:00
ip_vs_dh.c ipvs: Fix faulty IPv6 extension header handling in IPVS 2012-09-28 11:34:15 +09:00
ip_vs_est.c IPVS: remove unused init and cleanup functions. 2011-06-14 09:07:32 +09:00
ip_vs_ftp.c netfilter: nf_nat: add protoff argument to packet mangling functions 2012-08-30 03:00:13 +02:00
ip_vs_lblc.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
ip_vs_lblcr.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
ip_vs_lc.c ipvs: unify the formula to estimate the overhead of processing connections 2011-02-25 11:35:41 +09:00
ip_vs_nfct.c ipvs: remove silly double assignment 2012-10-28 22:50:51 +01:00
ip_vs_nq.c ipvs: make "no destination available" message more informative 2011-02-16 14:53:33 +09:00
ip_vs_pe_sip.c ipvs: SIP fragment handling 2012-09-28 11:37:16 +09:00
ip_vs_pe.c IPVS: Backup, Adding Version 1 receive capability 2010-11-25 10:42:59 +09:00
ip_vs_proto_ah_esp.c ipvs: API change to avoid rescan of IPv6 exthdr 2012-09-28 11:34:33 +09:00
ip_vs_proto_sctp.c ipvs: API change to avoid rescan of IPv6 exthdr 2012-09-28 11:34:33 +09:00
ip_vs_proto_tcp.c ipvs: API change to avoid rescan of IPv6 exthdr 2012-09-28 11:34:33 +09:00
ip_vs_proto_udp.c ipvs: API change to avoid rescan of IPv6 exthdr 2012-09-28 11:34:33 +09:00
ip_vs_proto.c ipvs: Trivial changes, use compressed IPv6 address in output 2012-09-28 11:33:52 +09:00
ip_vs_rr.c ipvs: make "no destination available" message more informative 2011-02-16 14:53:33 +09:00
ip_vs_sched.c ipvs: Trivial changes, use compressed IPv6 address in output 2012-09-28 11:33:52 +09:00
ip_vs_sed.c ipvs: make "no destination available" message more informative 2011-02-16 14:53:33 +09:00
ip_vs_sh.c ipvs: Fix faulty IPv6 extension header handling in IPVS 2012-09-28 11:34:15 +09:00
ip_vs_sync.c ipvs: add support for sync threads 2012-05-08 19:40:33 +02:00
ip_vs_wlc.c ipvs: unify the formula to estimate the overhead of processing connections 2011-02-25 11:35:41 +09:00
ip_vs_wrr.c ipvs: WRR scheduler does not need GFP_ATOMIC allocation 2012-05-08 19:37:22 +02:00
ip_vs_xmit.c ipvs: remove silly double assignment 2012-10-28 22:50:51 +01:00
Kconfig ipvs: Complete IPv6 fragment handling for IPVS 2012-09-28 11:34:24 +09:00
Makefile