If a table was owned by a process, its dormant flag couldn't be updated because the code required the table to be an orphan. $ nft -i nft> add table ip test { flags owner ; } nft> list table ip test table ip test { # progname nft flags owner } nft> add table ip test { flags owner ; flags dormant ; } Error: Could not process rule: Operation not supported add table ip test { flags owner ; flags dormant ; } ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Fixes: 31bf508be656 ("netfilter: nf_tables: Implement table adoption support") Signed-off-by: Quan Tian <tianquan23@xxxxxxxxx> --- net/netfilter/nf_tables_api.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index e93f905e60b6..f06b09b32d80 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1219,7 +1219,8 @@ static int nf_tables_updtable(struct nft_ctx *ctx) if ((nft_table_has_owner(ctx->table) && !(flags & NFT_TABLE_F_OWNER)) || (flags & NFT_TABLE_F_OWNER && - !nft_table_is_orphan(ctx->table))) + !(nft_table_has_owner(ctx->table) || + nft_table_is_orphan(ctx->table)))) return -EOPNOTSUPP; if ((flags ^ ctx->table->flags) & NFT_TABLE_F_PERSIST) -- 2.39.3 (Apple Git-145)
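Review bot: in the second clause of the condition in nf_tables_updtable(), the new nft_table_has_owner(ctx->table) test only establishes that some process owns the table, not that the requester is that process, and nothing in the visible lines ties the owner to the caller. If that check happens before this function is reached, say so in the commit message or in a comment above the condition; otherwise the owner should be compared against the requesting port here. The condition now nests a negated OR inside an AND inside an OR, so a short comment listing the accepted cases (an owned table that keeps flags owner, an orphan table being adopted) would make it easier to audit. The commit message shows the failing nft session but not the output after the fix; adding the expected listing with both owner and dormant set would document the intended behaviour.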