authorKyle McMartin <kyle@mcmartin.ca>2010-11-20 08:28:57 -0500
committerKyle McMartin <kyle@mcmartin.ca>2010-11-20 08:28:57 -0500
commit49d23722dfbdeca9a8cb66ba87104e31bb98e62f (patch)
tree077b797e873ff409c28796e75e1a579fddb54b97
parent16ab22b5320d6df5f4eaae3ed419d2f9c713b284 (diff)
fix BUG when using xt_SECMARK
-rw-r--r--kernel.spec8
-rw-r--r--secmark-do-not-return-early-if-there-was-no-error.patch33
2 files changed, 41 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec
index d85d38073..3fb5865b5 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -724,6 +724,8 @@ Patch12303: dmar-disable-when-ricoh-multifunction.patch
Patch12305: xhci_hcd-suspend-resume.patch
+Patch12306: secmark-do-not-return-early-if-there-was-no-error.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1342,6 +1344,8 @@ ApplyPatch dmar-disable-when-ricoh-multifunction.patch
ApplyPatch xhci_hcd-suspend-resume.patch
+ApplyPatch secmark-do-not-return-early-if-there-was-no-error.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -1955,6 +1959,10 @@ fi
# || ||
%changelog
+* Sat Nov 20 2010 Kyle McMartin <kyle@redhat.com>
+- secmark-do-not-return-early-if-there-was-no-error.patch: requested
+ by eparis@. (Fixes a BUG when using secmark.)
+
* Wed Nov 17 2010 Kyle McMartin <kyle@redhat.com> 2.6.36-5
- Disable drm/intel rebase until it can be fixed.
diff --git a/secmark-do-not-return-early-if-there-was-no-error.patch b/secmark-do-not-return-early-if-there-was-no-error.patch
new file mode 100644
index 000000000..6515bd043
--- /dev/null
+++ b/secmark-do-not-return-early-if-there-was-no-error.patch
@@ -0,0 +1,33 @@
+From 15714f7b58011cf3948cab2988abea560240c74f Mon Sep 17 00:00:00 2001
+From: Eric Paris <eparis@redhat.com>
+Date: Tue, 12 Oct 2010 11:40:08 -0400
+Subject: [PATCH] secmark: do not return early if there was no error
+
+Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
+netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
+on 0 (aka no error) early and didn't finish setting up secmark. This results
+in a kernel BUG if you use SECMARK.
+
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Acked-by: Paul Moore <paul.moore@hp.com>
+Signed-off-by: James Morris <jmorris@namei.org>
+---
+ net/netfilter/xt_SECMARK.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
+index 23b2d6c..364ad16 100644
+--- a/net/netfilter/xt_SECMARK.c
++++ b/net/netfilter/xt_SECMARK.c
+@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
+ switch (info->mode) {
+ case SECMARK_MODE_SEL:
+ err = checkentry_selinux(info);
+- if (err <= 0)
++ if (err)
+ return err;
+ break;
+
+--
+1.7.3.2
+
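Review bot: The corrected test `if (err)` in the SECMARK_MODE_SEL case of secmark_tg_check has no comment recording why a zero return must fall through, and that is exactly the distinction the earlier `err <= 0` test got wrong. I would add `/* 0 means success: do not return, the rest of the secmark setup must still run */` above it so that a later error-handling cleanup does not reintroduce the early exit. The commit message says the skipped setup ends in a kernel BUG when SECMARK is used, so a smoke test that installs a SECMARK rule in SECMARK_MODE_SEL would be worth carrying alongside this patch. secmark_tg_check starts and ends outside the hunk, so the setup that runs after the switch is not visible here.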