fix BUG when using xt_SECMARK
		
							parent
							
								
									16ab22b532
								
							
						
					
					
						commit
						49d23722df
					
				| @ -724,6 +724,8 @@ Patch12303: dmar-disable-when-ricoh-multifunction.patch | |||||||
| 
 | 
 | ||||||
| Patch12305: xhci_hcd-suspend-resume.patch | Patch12305: xhci_hcd-suspend-resume.patch | ||||||
| 
 | 
 | ||||||
|  | Patch12306: secmark-do-not-return-early-if-there-was-no-error.patch | ||||||
|  | 
 | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root | BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root | ||||||
| @ -1342,6 +1344,8 @@ ApplyPatch dmar-disable-when-ricoh-multifunction.patch | |||||||
| 
 | 
 | ||||||
| ApplyPatch xhci_hcd-suspend-resume.patch | ApplyPatch xhci_hcd-suspend-resume.patch | ||||||
| 
 | 
 | ||||||
|  | ApplyPatch secmark-do-not-return-early-if-there-was-no-error.patch | ||||||
|  | 
 | ||||||
| # END OF PATCH APPLICATIONS | # END OF PATCH APPLICATIONS | ||||||
| 
 | 
 | ||||||
| %endif | %endif | ||||||
| @ -1955,6 +1959,10 @@ fi | |||||||
| #                 ||     || | #                 ||     || | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Sat Nov 20 2010 Kyle McMartin <kyle@redhat.com> | ||||||
|  | - secmark-do-not-return-early-if-there-was-no-error.patch: requested | ||||||
|  |   by eparis@. (Fixes a BUG when using secmark.) | ||||||
|  | 
 | ||||||
| * Wed Nov 17 2010 Kyle McMartin <kyle@redhat.com> 2.6.36-5 | * Wed Nov 17 2010 Kyle McMartin <kyle@redhat.com> 2.6.36-5 | ||||||
| - Disable drm/intel rebase until it can be fixed. | - Disable drm/intel rebase until it can be fixed. | ||||||
| 
 | 
 | ||||||
|  | |||||||
							
								
								
									
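--- /dev/null
+++ b/secmark-do-not-return-early-if-there-was-no-error.patch
@@ -0,0 +1,33 @@
+From 15714f7b58011cf3948cab2988abea560240c74f Mon Sep 17 00:00:00 2001
+From: Eric Paris <eparis@redhat.com>
+Date: Tue, 12 Oct 2010 11:40:08 -0400
+Subject: [PATCH] secmark: do not return early if there was no error
+
+Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
+netfilter errors.  In xt_SECMARK.c however the patch screwed up and returned
+on 0 (aka no error) early and didn't finish setting up secmark.  This results
+in a kernel BUG if you use SECMARK.
+
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Acked-by: Paul Moore <paul.moore@hp.com>
+Signed-off-by: James Morris <jmorris@namei.org>
+---
+ net/netfilter/xt_SECMARK.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
+index 23b2d6c..364ad16 100644
+--- a/net/netfilter/xt_SECMARK.c
++++ b/net/netfilter/xt_SECMARK.c
+@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
+ 	switch (info->mode) {
+ 	case SECMARK_MODE_SEL:
+ 		err = checkentry_selinux(info);
+-		if (err <= 0)
++		if (err)
+ 			return err;
+ 		break;
+ 
+-- 
+1.7.3.2
+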
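Review bot: The corrected guard `if (err)` in secmark_tg_check() depends on checkentry_selinux() returning 0 only on success, and nothing at the call site records that, so the earlier `err <= 0` mistake could be reintroduced by a later cleanup; I would add a one-line comment above the check, e.g. `/* 0 is success: continue so the remaining secmark setup runs */`. The function body starts and ends outside the hunk, so the setup that was being skipped and any other mode cases are not visible here and should be checked for the same early-return pattern. Because the failure mode described is a kernel BUG reached simply by using a SECMARK rule, a regression test that loads one such rule would be worth adding alongside the patch.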