diff options
author | gVisor bot <gvisor-bot@google.com> | 2020-04-07 21:37:01 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-04-07 21:37:01 +0000 |
commit | c327dab2cd4530581c849a5608302e7e943e9f62 (patch) | |
tree | a7c1d8148c25bf646f505a0934b2447cbfc76981 /pkg/sentry/socket/netstack/provider.go | |
parent | 62f1522eb0f4dbb224d2f542c5a4ff2353cd4fa7 (diff) | |
parent | d5ddb5365086b13c0688c40fc74fa4cc4c5528db (diff) |
Merge release-20200323.0-82-gd5ddb53 (automated)
Diffstat (limited to 'pkg/sentry/socket/netstack/provider.go')
-rwxr-xr-x | pkg/sentry/socket/netstack/provider.go | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/pkg/sentry/socket/netstack/provider.go b/pkg/sentry/socket/netstack/provider.go index eb090e79b..c3f04b613 100755 --- a/pkg/sentry/socket/netstack/provider.go +++ b/pkg/sentry/socket/netstack/provider.go @@ -62,10 +62,6 @@ func getTransportProtocol(ctx context.Context, stype linux.SockType, protocol in } case linux.SOCK_RAW: - // TODO(b/142504697): "In order to create a raw socket, a - // process must have the CAP_NET_RAW capability in the user - // namespace that governs its network namespace." - raw(7) - // Raw sockets require CAP_NET_RAW. creds := auth.CredentialsFromContext(ctx) if !creds.HasCapability(linux.CAP_NET_RAW) { @@ -141,10 +137,6 @@ func (p *provider) Socket(t *kernel.Task, stype linux.SockType, protocol int) (* } func packetSocket(t *kernel.Task, epStack *Stack, stype linux.SockType, protocol int) (*fs.File, *syserr.Error) { - // TODO(b/142504697): "In order to create a packet socket, a process - // must have the CAP_NET_RAW capability in the user namespace that - // governs its network namespace." - packet(7) - // Packet sockets require CAP_NET_RAW. creds := auth.CredentialsFromContext(t) if !creds.HasCapability(linux.CAP_NET_RAW) { |