34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From 15714f7b58011cf3948cab2988abea560240c74f Mon Sep 17 00:00:00 2001
|
|
From: Eric Paris <eparis@redhat.com>
|
|
Date: Tue, 12 Oct 2010 11:40:08 -0400
|
|
Subject: [PATCH] secmark: do not return early if there was no error
|
|
|
|
Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
|
|
netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
|
|
on 0 (aka no error) early and didn't finish setting up secmark. This results
|
|
in a kernel BUG if you use SECMARK.
|
|
|
|
Signed-off-by: Eric Paris <eparis@redhat.com>
|
|
Acked-by: Paul Moore <paul.moore@hp.com>
|
|
Signed-off-by: James Morris <jmorris@namei.org>
|
|
---
|
|
net/netfilter/xt_SECMARK.c | 2 +-
|
|
1 files changed, 1 insertions(+), 1 deletions(-)
|
|
|
|
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
|
|
index 23b2d6c..364ad16 100644
|
|
--- a/net/netfilter/xt_SECMARK.c
|
|
+++ b/net/netfilter/xt_SECMARK.c
|
|
@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
|
|
switch (info->mode) {
|
|
case SECMARK_MODE_SEL:
|
|
err = checkentry_selinux(info);
|
|
- if (err <= 0)
|
|
+ if (err)
|
|
return err;
|
|
break;
|
|
|
|
--
|
|
1.7.3.2
|
|
|