net->user_ns is available starting from 3.8, add compatibility checking
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Sun, 27 Oct 2013 18:00:36 +0000 (19:00 +0100)
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Sun, 27 Oct 2013 18:00:36 +0000 (19:00 +0100)
Reported by Jan Engelhardt

configure.ac
kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
kernel/net/netfilter/ipset/ip_set_core.c

index d56328c0fe5f3e83d324c6c285dfbab2579eccb7..c5f3770ffac21b0dc14f2330a3def1000b8df127 100644 (file)
@@ -303,6 +303,16 @@ else
        AC_SUBST(HAVE_NET_OPS_ID, undef)
 fi
 
+AC_MSG_CHECKING([kernel source for user_ns in struct net])
+if test -f $ksourcedir/include/net/net_namespace.h && \
+   $AWK '/^struct net \{/ {for(i=1; i<=20; i++) {getline; print}}' $ksourcedir/include/net/net_namespace.h | $GREP -q 'user_ns'; then
+       AC_MSG_RESULT(yes)
+       AC_SUBST(HAVE_USER_NS_IN_STRUCT_NET, define)
+else
+       AC_MSG_RESULT(no)
+       AC_SUBST(HAVE_USER_NS_IN_STRUCT_NET, undef)
+fi
+
 AC_MSG_CHECKING([kernel source for struct net_generic])
 if test -f $ksourcedir/include/net/netns/generic.h && \
    $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then
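Review bot: The new `user_ns` probe reads only the 20 lines after `struct net {`, so it misdetects a tree where the field sits further down the struct, or where `user_ns` appears in that window only inside a comment. A false "no" cannot widen access, because ip_set_core.c then falls back to the stricter `capable(CAP_NET_ADMIN)`, but callers that hold the capability only in the netns-owning user namespace are then refused, and nothing in the configure output explains why. Scanning the whole struct body and matching the declaration would be more robust, e.g. `$AWK '/^struct net \{/,/^\};/' "$ksourcedir/include/net/net_namespace.h" | $GREP -q 'struct user_namespace.*user_ns'`. Quoting `$ksourcedir` also keeps the `test -f` correct for source paths that contain spaces.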
index ce4d92274720878ea3ab81d5c5e0ab678a802c9b..4a076f843a4e4ae19cd3bb95780f22fc3d55442c 100644 (file)
@@ -22,6 +22,7 @@
 #@HAVE_CHECKENTRY_BOOL@ HAVE_CHECKENTRY_BOOL
 #@HAVE_XT_TARGET_PARAM@ HAVE_XT_TARGET_PARAM
 #@HAVE_NET_OPS_ID@ HAVE_NET_OPS_ID
+#@HAVE_USER_NS_IN_STRUCT_NET@  HAVE_USER_NS_IN_STRUCT_NET
 
 /* Not everything could be moved here. Compatibility stuffs can be found in
  * xt_set.c, ip_set_core.c, ip_set_getport.c, pfxlen.c too.
index c1989d94e1b782bb3cf2d10b4ad023d0c604ecfe..e43d7db4299c4103b0dfa09c9648307480f12836 100644 (file)
@@ -1864,7 +1864,11 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len)
        struct net *net = sock_net(sk);
        struct ip_set_net *inst = ip_set_pernet(net);
 
+#ifdef HAVE_USER_NS_IN_STRUCT_NET
        if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+#else
+       if (!capable(CAP_NET_ADMIN))
+#endif
                return -EPERM;
        if (optval != SO_IP_SET)
                return -EBADF;
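Review bot: The privilege gate at the top of ip_set_sockfn_get now has two branches with different meanings, and no comment says so: `ns_capable(net->user_ns, CAP_NET_ADMIN)` accepts a caller holding the capability in the user namespace that owns this netns, while the fallback `capable(CAP_NET_ADMIN)` requires it in the initial user namespace. The fallback is the stricter of the two, so the compat path cannot widen access; that is worth stating above the `#ifdef`, for example `/* Without net->user_ns, require CAP_NET_ADMIN in the initial user namespace (stricter). */`. Splitting the `if` across preprocessor branches that share one `return -EPERM;` is also easy to break in a later edit. A single compat macro in ip_set_compat.h.in, whose header comment describes it as the home for compatibility code, would keep the check on one line. The function body continues outside the hunk.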