On Tue, 2010-10-12 at 11:40 -0400, Eric Paris wrote: > Commit 4a5a5c73 attempted to pass decent error messages back to userspace for > netfilter errors. In xt_SECMARK.c however the patch screwed up and returned > on 0 (aka no error) early and didn't finish setting up secmark. This results > in a kernel BUG if you use SECMARK. ... > Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> Acked-by: Paul Moore <paul.moore@xxxxxx> > --- > > net/netfilter/xt_SECMARK.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c > index 23b2d6c..364ad16 100644 > --- a/net/netfilter/xt_SECMARK.c > +++ b/net/netfilter/xt_SECMARK.c > @@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par) > switch (info->mode) { > case SECMARK_MODE_SEL: > err = checkentry_selinux(info); > - if (err <= 0) > + if (err) > return err; > break; > > -- paul moore linux @ hp
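Review bot: in the `case SECMARK_MODE_SEL:` branch of secmark_tg_check(), `if (err) return err;` is only correct if checkentry_selinux() returns 0 on success and a negative errno on every failure path, and that contract is not visible in this hunk. The earlier `if (err <= 0)` test shows the convention was already misread once, so it would help to document the return contract in a comment above checkentry_selinux(), or to write the test as `if (err < 0)` if a positive return is ever meant to count as success. The commit message should also cite 4a5a5c73 with its subject line so the regression is easy to trace.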