fix BUG when using xt_SECMARK
parent 16ab22b532
commit 49d23722df
@ -724,6 +724,8 @@ Patch12303: dmar-disable-when-ricoh-multifunction.patch
|
||||
|
||||
Patch12305: xhci_hcd-suspend-resume.patch
|
||||
|
||||
Patch12306: secmark-do-not-return-early-if-there-was-no-error.patch
|
||||
|
||||
%endif
|
||||
|
||||
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
|
||||
@ -1342,6 +1344,8 @@ ApplyPatch dmar-disable-when-ricoh-multifunction.patch
|
||||
|
||||
ApplyPatch xhci_hcd-suspend-resume.patch
|
||||
|
||||
ApplyPatch secmark-do-not-return-early-if-there-was-no-error.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
@ -1955,6 +1959,10 @@ fi
|
||||
# || ||
|
||||
|
||||
%changelog
|
||||
* Sat Nov 20 2010 Kyle McMartin <kyle@redhat.com>
|
||||
- secmark-do-not-return-early-if-there-was-no-error.patch: requested
|
||||
by eparis@. (Fixes a BUG when using secmark.)
|
||||
|
||||
* Wed Nov 17 2010 Kyle McMartin <kyle@redhat.com> 2.6.36-5
|
||||
- Disable drm/intel rebase until it can be fixed.
|
||||
|
||||
|
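Review bot: the new %changelog entry header, "* Sat Nov 20 2010 Kyle McMartin <kyle@redhat.com>", carries no version-release, while the entry directly below it ends in "2.6.36-5"; add the version-release when the build is tagged so the fix can be tied to a package build. The entry text also says only "requested by eparis@"; naming the upstream commit from the patch header (15714f7b58011cf3948cab2988abea560240c74f) would let someone reading the changelog find the fix without opening the patch file.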
33
secmark-do-not-return-early-if-there-was-no-error.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 15714f7b58011cf3948cab2988abea560240c74f Mon Sep 17 00:00:00 2001
|
||||
From: Eric Paris <eparis@redhat.com>
|
||||
Date: Tue, 12 Oct 2010 11:40:08 -0400
|
||||
Subject: [PATCH] secmark: do not return early if there was no error
|
||||
|
||||
Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
|
||||
netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
|
||||
on 0 (aka no error) early and didn't finish setting up secmark. This results
|
||||
in a kernel BUG if you use SECMARK.
|
||||
|
||||
Signed-off-by: Eric Paris <eparis@redhat.com>
|
||||
Acked-by: Paul Moore <paul.moore@hp.com>
|
||||
Signed-off-by: James Morris <jmorris@namei.org>
|
||||
---
|
||||
net/netfilter/xt_SECMARK.c | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
|
||||
index 23b2d6c..364ad16 100644
|
||||
--- a/net/netfilter/xt_SECMARK.c
|
||||
+++ b/net/netfilter/xt_SECMARK.c
|
||||
@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
|
||||
switch (info->mode) {
|
||||
case SECMARK_MODE_SEL:
|
||||
err = checkentry_selinux(info);
|
||||
- if (err <= 0)
|
||||
+ if (err)
|
||||
return err;
|
||||
break;
|
||||
|
||||
--
|
||||
1.7.3.2
|
||||
|
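Review bot: in the "case SECMARK_MODE_SEL:" branch of secmark_tg_check(), the new test "if (err)" still returns early on any non-zero value, positive ones included, so the fix depends on checkentry_selinux() returning 0 on success and a negative errno on failure, which this hunk does not show. Please confirm that contract, or state it in a one-line comment above the check, since the old "if (err <= 0)" test shows how easily the sign convention gets misread here. The commit message identifies the regressing change only as "Commit 4a5a5c73"; quoting its subject line next to the abbreviated hash would make the reference easier to follow when backporting.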