diff options
author | Eric Paris <eparis@redhat.com> | 2010-10-12 11:40:08 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-10-21 10:12:47 +1100 |
commit | 15714f7b58011cf3948cab2988abea560240c74f (patch) | |
tree | 87b4166eaf1219eb8d64ae9bd3f614c736f46ecb /net/netfilter | |
parent | 3ed02ada2a5e695e2fbb5e4a0008cfcb0f50feaa (diff) |
secmark: do not return early if there was no error
Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
on 0 (aka no error) early and didn't finish setting up secmark. This results
in a kernel BUG if you use SECMARK.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/xt_SECMARK.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index 23b2d6c486b..364ad160012 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c @@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par) switch (info->mode) { case SECMARK_MODE_SEL: err = checkentry_selinux(info); - if (err <= 0) + if (err) return err; break; |