[PATCH nftables,v2] datatype: skip cgroupv2 rootfs in listing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

cgroupv2 path is expressed from the /sys/fs/cgroup, update listing
to skip the rootfs.

 # nft add rule x y socket cgroupv2 level 1 "user.slice" counter
 # nft list ruleset
 table ip x {
        chain y {
                type filter hook input priority filter; policy accept;
                socket cgroupv2 level 1 "user.slice" counter
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
v2: update commit description.

 src/datatype.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/datatype.c b/src/datatype.c
index 743505de44b6..7267d60895d8 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -1382,7 +1382,8 @@ static void cgroupv2_type_print(const struct expr *expr,
 
 	cgroup_path = cgroupv2_get_path(SYSFS_CGROUPSV2_PATH, id);
 	if (cgroup_path)
-		nft_print(octx, "\"%s\"", cgroup_path);
+		nft_print(octx, "\"%s\"",
+			  &cgroup_path[strlen(SYSFS_CGROUPSV2_PATH) + 1]);
 	else
 		nft_print(octx, "%" PRIu64, id);
 
-- 
2.30.2
[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux