One potential fix, although I don't know if it is technically correct, is to switch the ordering of the calls to ns_capable() and uid_eq() here:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/sysctl_net.c#n48
One potential fix, although I don't know if it is technically correct, is to switch the ordering of the calls to ns_capable() and uid_eq() here:
http:// git.kernel. org/cgit/ linux/kernel/ git/torvalds/ linux.git/ tree/net/ sysctl_ net.c#n48