Red Hat Bugzilla – Bug 79249
Add support for Linux 2.4.20/2.5 owner match (already in latest upstream)
Last modified: 2007-04-18 12:48:55 EDT
Description of Problem:
Linux 2.4.20 and 2.5 (apparently starting from 2.5.32) extend the owner match to
allow matching on the process "comm" name, and do so by enlarging the structure
used to pass owner match data.
This means that versions of iptables not updated to support the new kernels are
unable to use owner match at all (because the kernel checks the struct size).
This is apparently fixed in iptables 1.2.7a: please upgrade or backport the patch.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Boot Linux 2.4.20, 2.5.32 or later
2. iptables -A OUTPUT -m owner --uid-owner <uid> -j DROP
Actual Results:
"iptables: Invalid argument"
Expected Results:
iptables succeeds and the rule is enacted
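To show why the kernel rejects the rule, here is an added example (not code from the bug report, iptables or the kernel) that models the owner match's struct-size check in user space. The two struct layouts and the IPT_ALIGN rounding are my reconstruction of the pre-2.4.20 and 2.4.20 ipt_owner.h headers and should be treated as assumptions.

```c
/* Added example: a user-space model of the kernel-side size check behind
 * the "Invalid argument" error. Struct layouts and IPT_ALIGN mirror my
 * reading of the 2.4.19 vs 2.4.20 ipt_owner.h headers (assumed). */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Layout an older iptables (pre-1.2.7a) passes for kernels <= 2.4.19. */
struct ipt_owner_info_old {
    uid_t uid;
    gid_t gid;
    pid_t pid;
    pid_t sid;
    uint8_t match, invert;
};

/* Layout Linux 2.4.20 / 2.5.32+ expects: a 16-byte "comm" field was added. */
struct ipt_owner_info_new {
    uid_t uid;
    gid_t gid;
    pid_t pid;
    pid_t sid;
    char comm[16];
    uint8_t match, invert;
};

/* IPT_ALIGN rounds a size up to the next multiple of sizeof(long). */
#define IPT_ALIGN(s) (((s) + (sizeof(long) - 1)) & ~(sizeof(long) - 1))

/* Models the 2.4.20 owner match checkentry(): the rule is accepted only if
 * the match blob from user space is exactly the aligned size of the new
 * struct. Returns 0 on success, -EINVAL when the kernel would reject it. */
int owner_checkentry(size_t matchsize)
{
    if (matchsize != IPT_ALIGN(sizeof(struct ipt_owner_info_new)))
        return -EINVAL;
    return 0;
}

/* Match size each generation of iptables writes into its match header. */
size_t old_iptables_matchsize(void) { return IPT_ALIGN(sizeof(struct ipt_owner_info_old)); }
size_t new_iptables_matchsize(void) { return IPT_ALIGN(sizeof(struct ipt_owner_info_new)); }

int main(void)
{
    printf("old iptables: %s\n", owner_checkentry(old_iptables_matchsize()) ? "Invalid argument" : "ok");
    printf("1.2.7a:       %s\n", owner_checkentry(new_iptables_matchsize()) ? "Invalid argument" : "ok");
    return 0;
}
```

The old binary's blob is exactly 16 bytes (the comm field) shorter than the kernel expects, so checkentry fails and iptables reports the resulting EINVAL as "Invalid argument".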
fixed in 1.2.7a-1