79249 – Add support for Linux 2.4.20/2.5 owner match (already in latest upstream)

Bug 79249 - Add support for Linux 2.4.20/2.5 owner match (already in latest upstream)

Summary: Add support for Linux 2.4.20/2.5 owner match (already in latest upstream)

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Raw Hide
Classification:	Retired
Component:	iptables
Sub Component:
Version:	1.0
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	wdovlrrw
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	79578
TreeView+	depends on / blocked

Reported:	2002-12-08 17:13 UTC by Luca Barbieri
Modified:	2007-04-18 16:48 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2003-01-13 21:11:47 UTC
Embargoed:

Attachments	(Terms of Use)

Description Luca Barbieri 2002-12-08 17:13:20 UTC

Description of Problem:
Linux 2.4.20 and 2.5 (apparently starting from 2.5.32) extend the owner match to
support to allow matching on the process "comm" name and does so by enlarging
the structure used to pass owner match data.
This means that versions of iptables not updated to support the new kernels are
unable to use owner match at all (because the kernel check the struct size).

This is apparently fixed in iptables 1.2.7a: please upgrade or backport the patch.

Version-Release number of selected component (if applicable):
iptables-1.2.6a-2

How Reproducible:
Every time.

Steps to Reproduce:
1. Boot Linux 2.4.20, 2.5.32 or later
2. iptables -A OUTPUT -m owner --uid-owner <uid> -j DROP

Actual Results:
"iptables: Invalid argument"

Expected Results:
iptables succeeds and the rule is enacted

Comment 1 Bill Nottingham 2003-01-13 21:11:47 UTC

fixed in 1.2.7a-1

Note You need to log in before you can comment on or make changes to this bug.