Harald Welte wrote:
> [NETFILTER] nfnetlink: only load subsystems if CAP_NET_ADMIN is set
>
> Without this patch, any user can cause nfnetlink subsystems to be
> autoloaded. Those subsystems however could add significant processing
> overhead to packet processing, and would refuse any configuration messages
> from non-CAP_NET_ADMIN processes anyway.
>
> This patch follows a suggestion from Patrick McHardy.

If this patch gets applied, we'll have to cook another patch to kill the capability checking based on callbacks (nfnl_callback) that we currently use, right?

--
Pablo