From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCH net-next ] net: Allow userns root to control tun and tap devices Date: Mon, 19 Nov 2012 14:16:16 -0500 (EST) Message-ID: <20121119.141616.1503915389601739944.davem@davemloft.net> References: <87a9uekpvw.fsf@xmission.com> <20121119142331.GA4453@mail.hallyn.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org To: serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org Return-path: In-Reply-To: <20121119142331.GA4453-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org List-Id: netdev.vger.kernel.org From: "Serge E. Hallyn" Date: Mon, 19 Nov 2012 14:23:31 +0000 > Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org): >> >> Allow an unpriviled user who has created a user namespace, and then >> created a network namespace to effectively use the new network >> namespace, by reducing capable(CAP_NET_ADMIN) calls to >> ns_capable(net->user_ns,CAP_NET_ADMIN) calls. >> >> Allow setting of the tun iff flags. >> Allow creating of tun devices. >> Allow adding a new queue to a tun device. >> > > Acked-by: Serge Hallyn Applied.