Commit 15714f7b authored by Eric Paris's avatar Eric Paris Committed by James Morris

secmark: do not return early if there was no error

Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
netfilter errors.  In xt_SECMARK.c however the patch screwed up and returned
on 0 (aka no error) early and didn't finish setting up secmark.  This results
in a kernel BUG if you use SECMARK.
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Acked-by: default avatarPaul Moore <paul.moore@hp.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 3ed02ada
...@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par) ...@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
switch (info->mode) { switch (info->mode) {
case SECMARK_MODE_SEL: case SECMARK_MODE_SEL:
err = checkentry_selinux(info); err = checkentry_selinux(info);
if (err <= 0) if (err)
return err; return err;
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment