net-ipv6: IPV6_TRANSPARENT - check NET_RAW prior to NET_ADMIN
[muen/linux.git] / net / ipv6 / ipv6_sockglue.c
index 264c292..79fc012 100644 (file)
@@ -363,8 +363,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
                break;
 
        case IPV6_TRANSPARENT:
-               if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) &&
-                   !ns_capable(net->user_ns, CAP_NET_RAW)) {
+               if (valbool && !ns_capable(net->user_ns, CAP_NET_RAW) &&
+                   !ns_capable(net->user_ns, CAP_NET_ADMIN)) {
                        retv = -EPERM;
                        break;
                }