On Mon, Nov 27, 2023 at 12:36 PM Alan Wandke <alanwandke.linux@xxxxxxxxx> wrote: > > In order to support the NETFILTER_NETLINK protocol, either NF_TABLES or IP_SET must be enabled. > Neither are strict dependencies in Kconfig. Fix this by enabling NF_TABLES in the defconfig. > > Before: > ./netlinkcreate: socket(AF_NETLINK, SOCK_DGRAM, netfilter/12): Protocol not supported > not ok 3 > # Test 3 got: "256" (./test at line 25) > # Expected: "0" > # ./test line 25 is: ok( $result, 0 ); > > After: > ok 3 > > Signed-off-by: Alan Wandke <alanwandke.linux@xxxxxxxxx> Looks like we could enable it via a number of different config options but we need NF_TABLES regardless for the secmark tests in inet_socket and sctp to run, so adding that to the defconfig makes the most sense. Reviewed-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > --- > defconfig | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/defconfig b/defconfig > index 2783c01..47938c1 100644 > --- a/defconfig > +++ b/defconfig > @@ -55,6 +55,7 @@ CONFIG_IPV6_GRE=m > CONFIG_SCSI_ISCSI_ATTRS=m > CONFIG_NETFILTER_NETLINK=m > CONFIG_CRYPTO_USER=m > +CONFIG_NF_TABLES=m > > # Overlay fs. > # This is enabled to test overlayfs SELinux integration. > -- > 2.42.0 >
