On Friday 2010-09-24 22:45, Eric Paris wrote:
>Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
>netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
>on 0 (aka no error) early and didn't finish setting up secmark. This results
>in a kernel BUG if you use SECMARK.
>+++ b/net/netfilter/xt_SECMARK.c
>@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
> switch (info->mode) {
> case SECMARK_MODE_SEL:
> err = checkentry_selinux(info);
>- if (err <= 0)
>+ if (err)
> return err;
Indeed the = is unwanted and err < 0 was intended here.
Sorry for the slip.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
