On Sat, Mar 16, 2024 at 01:01:24AM +0800, Quan Tian wrote:
> If a table was owned by a process, its dormant flag couldn't be updated
> because the code required the table to be an orphan.
>
> $ nft -i
> nft> add table ip test { flags owner ; }
> nft> list table ip test
> table ip test { # progname nft
> flags owner
> }
> nft> add table ip test { flags owner ; flags dormant ; }
> Error: Could not process rule: Operation not supported
> add table ip test { flags owner ; flags dormant ; }
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Patch LGTM, thanks
> Fixes: 31bf508be656 ("netfilter: nf_tables: Implement table adoption support")
> Signed-off-by: Quan Tian <tianquan23@xxxxxxxxx>
> ---
> net/netfilter/nf_tables_api.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index e93f905e60b6..f06b09b32d80 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -1219,7 +1219,8 @@ static int nf_tables_updtable(struct nft_ctx *ctx)
> if ((nft_table_has_owner(ctx->table) &&
> !(flags & NFT_TABLE_F_OWNER)) ||
> (flags & NFT_TABLE_F_OWNER &&
> - !nft_table_is_orphan(ctx->table)))
> + !(nft_table_has_owner(ctx->table) ||
> + nft_table_is_orphan(ctx->table))))
> return -EOPNOTSUPP;
>
> if ((flags ^ ctx->table->flags) & NFT_TABLE_F_PERSIST)
