summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/socket/netstack/provider.go
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2020-04-07 21:37:01 +0000
committergVisor bot <gvisor-bot@google.com>2020-04-07 21:37:01 +0000
commitc327dab2cd4530581c849a5608302e7e943e9f62 (patch)
treea7c1d8148c25bf646f505a0934b2447cbfc76981 /pkg/sentry/socket/netstack/provider.go
parent62f1522eb0f4dbb224d2f542c5a4ff2353cd4fa7 (diff)
parentd5ddb5365086b13c0688c40fc74fa4cc4c5528db (diff)
Merge release-20200323.0-82-gd5ddb53 (automated)
Diffstat (limited to 'pkg/sentry/socket/netstack/provider.go')
-rwxr-xr-xpkg/sentry/socket/netstack/provider.go8
1 files changed, 0 insertions, 8 deletions
diff --git a/pkg/sentry/socket/netstack/provider.go b/pkg/sentry/socket/netstack/provider.go
index eb090e79b..c3f04b613 100755
--- a/pkg/sentry/socket/netstack/provider.go
+++ b/pkg/sentry/socket/netstack/provider.go
@@ -62,10 +62,6 @@ func getTransportProtocol(ctx context.Context, stype linux.SockType, protocol in
}
case linux.SOCK_RAW:
- // TODO(b/142504697): "In order to create a raw socket, a
- // process must have the CAP_NET_RAW capability in the user
- // namespace that governs its network namespace." - raw(7)
-
// Raw sockets require CAP_NET_RAW.
creds := auth.CredentialsFromContext(ctx)
if !creds.HasCapability(linux.CAP_NET_RAW) {
@@ -141,10 +137,6 @@ func (p *provider) Socket(t *kernel.Task, stype linux.SockType, protocol int) (*
}
func packetSocket(t *kernel.Task, epStack *Stack, stype linux.SockType, protocol int) (*fs.File, *syserr.Error) {
- // TODO(b/142504697): "In order to create a packet socket, a process
- // must have the CAP_NET_RAW capability in the user namespace that
- // governs its network namespace." - packet(7)
-
// Packet sockets require CAP_NET_RAW.
creds := auth.CredentialsFromContext(t)
if !creds.HasCapability(linux.CAP_NET_RAW) {