Bug 79249

Summary: Add support for Linux 2.4.20/2.5 owner match (already in latest upstream)
Product: [Retired] Red Hat Raw Hide
Reporter: Luca Barbieri <ldb>
Component: iptables
Assignee: wdovlrrw <brosenkr>
Status: CLOSED RAWHIDE
QA Contact: Ben Levenson <benl>
Severity: medium
Priority: medium
Version: 1.0
Keywords: FutureFeature
Hardware: i686   
OS: Linux   
Doc Type: Enhancement
Last Closed: 2003-01-13 21:11:47 UTC
Bug Blocks: 79578

Description Luca Barbieri 2002-12-08 17:13:20 UTC
Description of Problem:
Linux 2.4.20 and 2.5 (apparently starting from 2.5.32) extend the owner match to
allow matching on the process "comm" name and do so by enlarging
the structure used to pass owner match data.
This means that versions of iptables not updated to support the new kernels are
unable to use owner match at all (because the kernel checks the struct size).

This is apparently fixed in iptables 1.2.7a: please upgrade or backport the patch.

Version-Release number of selected component (if applicable):
iptables-1.2.6a-2

How Reproducible:
Every time.

Steps to Reproduce:
1. Boot Linux 2.4.20, 2.5.32 or later
2. iptables -A OUTPUT -m owner --uid-owner <uid> -j DROP

Actual Results:
"iptables: Invalid argument"

Expected Results:
iptables succeeds and the rule is enacted
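
The size mismatch described in this report, modeled as an added C example (not code from the report, from iptables, or from the kernel). The struct fields, the 16-byte name buffer, the 8-byte alignment and the function names are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Match data as an un-updated iptables would build it (assumed fields). */
struct owner_info_old {
    uint32_t uid, gid;
    int32_t  pid, sid;
    uint8_t  match, invert;
};

/* Match data after the kernel added a process-name field (assumed size 16). */
struct owner_info_new {
    uint32_t uid, gid;
    int32_t  pid, sid;
    char     comm[16];
    uint8_t  match, invert;
};

/* Round a size up to the blob alignment (assumed here: 8 bytes). */
#define ALIGN8(n) (((size_t)(n) + 7u) & ~(size_t)7u)

/* Model of the kernel-side check: the match data must be exactly the size
 * this kernel was built with, otherwise the rule is rejected with EINVAL. */
static int kernel_checkentry(size_t matchsize, size_t kernel_struct_size)
{
    return matchsize == ALIGN8(kernel_struct_size) ? 0 : -EINVAL;
}

/* Result seen by a userspace tool built against one layout when it talks
 * to a kernel built against another. Returns 0 or a negative errno. */
int add_owner_rule(size_t user_struct_size, size_t kernel_struct_size)
{
    return kernel_checkentry(ALIGN8(user_struct_size), kernel_struct_size);
}

int main(void)
{
    int rc = add_owner_rule(sizeof(struct owner_info_old),
                            sizeof(struct owner_info_new));
    printf("old userspace, new kernel: %s\n", rc ? strerror(-rc) : "ok");
    rc = add_owner_rule(sizeof(struct owner_info_new),
                        sizeof(struct owner_info_new));
    printf("new userspace, new kernel: %s\n", rc ? strerror(-rc) : "ok");
    return 0;
}
```

Because the check is an exact-size comparison, every owner rule is refused in this model, including a `--uid-owner` rule that never touches the new field.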

Comment 1 Bill Nottingham 2003-01-13 21:11:47 UTC
fixed in 1.2.7a-1