secmark: do not return early if there was no error
Commit 4a5a5c73
attempted to pass decent error messages back to userspace for
netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
on 0 (aka no error) early and didn't finish setting up secmark. This results
in a kernel BUG if you use SECMARK.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
3ed02ada2a
commit
15714f7b58
|
@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
|
|||
switch (info->mode) {
|
||||
case SECMARK_MODE_SEL:
|
||||
err = checkentry_selinux(info);
|
||||
if (err <= 0)
|
||||
if (err)
|
||||
return err;
|
||||
break;
|
||||
|
||||
|
|
Loading…
Reference in New Issue