net: pass user_ns to cap_netlink_recv()
and make cap_netlink_recv() userns-aware
cap_netlink_recv() was granting privilege if a capability is in
current_cap(), regardless of the user namespace. Fix that by
targeting the capability check against the user namespace which
owns the skb.
Because sock_net is static inline defined in net/sock.h, which we
don't want to #include at the cap_netlink_recv function (commoncap.h).
Signed-off-by: Serge E. Hallyn <firstname.lastname@example.org>
Cc: Eric W. Biederman <email@example.com>
13 files changed