Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git

[powerpc.git] / net / netfilter / nfnetlink.c

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index f8bd7c7..83f4c53 100644 (file)
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -240,15 +240,18 @@ static inline int nfnetlink_rcv_msg(struct sk_buff *skb,
        ss = nfnetlink_get_subsys(type);
        if (!ss) {
 #ifdef CONFIG_KMOD
-               /* don't call nfnl_shunlock, since it would reenter
-                * with further packet processing */
-               up(&nfnl_sem);
-               request_module("nfnetlink-subsys-%d", NFNL_SUBSYS_ID(type));
-               nfnl_shlock();
-               ss = nfnetlink_get_subsys(type);
+               if (cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) {
+                       /* don't call nfnl_shunlock, since it would reenter
+                        * with further packet processing */
+                       up(&nfnl_sem);
+                       request_module("nfnetlink-subsys-%d",
+                                       NFNL_SUBSYS_ID(type));
+                       nfnl_shlock();
+                       ss = nfnetlink_get_subsys(type);
+               }
                if (!ss)
 #endif
-               goto err_inval;
+                       goto err_inval;
        }
 
        nc = nfnetlink_find_client(type, ss);