Bug 79249 - Add support for Linux 2.4.20/2.5 owner match (already in latest upstream)
Product: Red Hat Raw Hide
Classification: Retired
Component: iptables
i686 Linux
medium Severity medium
Assigned To: wdovlrrw
Ben Levenson
Keywords: FutureFeature
Blocks: 79578
Reported: 2002-12-08 12:13 EST by Luca Barbieri
Modified: 2007-04-18 12:48 EDT (History)
Doc Type: Enhancement
Last Closed: 2003-01-13 16:11:47 EST
Description Luca Barbieri 2002-12-08 12:13:20 EST
Description of Problem:
Linux 2.4.20 and 2.5 (apparently starting from 2.5.32) extend the owner match to
allow matching on the process "comm" name and do so by enlarging
the structure used to pass owner match data.
This means that versions of iptables not updated to support the new kernels are
unable to use owner match at all (because the kernel checks the struct size).

This is apparently fixed in iptables 1.2.7a: please upgrade or backport the patch.

Version-Release number of selected component (if applicable):

How Reproducible:
Every time.

Steps to Reproduce:
1. Boot Linux 2.4.20, 2.5.32 or later
2. iptables -A OUTPUT -m owner --uid-owner <uid> -j DROP

Actual Results:
"iptables: Invalid argument"

Expected Results:
iptables succeeds and the rule is enacted
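
The failure mode described in this report, as an added example that is not part of the original bug report or of the iptables or kernel source: a C model of a kernel-side size check that rejects owner match data from a userspace built against the smaller structure, even for a rule that only matches on uid. The struct layouts, the 8-byte alignment, the flag value and all names (`owner_info_old`, `owner_info_new`, `model_checkentry`, `submit_old_userspace`, `submit_new_userspace`) are assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model layouts (assumed, simplified): the newer one adds a comm field. */
struct owner_info_old {
    uint32_t uid, gid;
    int32_t  pid, sid;
    uint8_t  match, invert;
};
struct owner_info_new {
    uint32_t uid, gid;
    int32_t  pid, sid;
    char     comm[16];   /* process name: the field that enlarges the struct */
    uint8_t  match, invert;
};

/* Round a payload size up to the alignment used for match data (assumed 8). */
#define ALIGN_UP(n) (((size_t)(n) + 7u) & ~(size_t)7u)

/* Model of the kernel-side check: only the exact size the kernel was
 * built with is accepted; the contents are never inspected on mismatch. */
static int model_checkentry(const void *data, size_t matchsize)
{
    (void)data;
    if (matchsize != ALIGN_UP(sizeof(struct owner_info_new)))
        return -EINVAL;
    return 0;
}

/* Old userspace: a uid-only rule packed into the smaller struct. */
static int submit_old_userspace(uint32_t uid)
{
    struct owner_info_old info;
    memset(&info, 0, sizeof info);
    info.uid = uid;
    info.match = 0x01;   /* constructed flag value meaning "match on uid" */
    return model_checkentry(&info, ALIGN_UP(sizeof info));
}

/* Updated userspace: same rule, packed into the enlarged struct. */
static int submit_new_userspace(uint32_t uid)
{
    struct owner_info_new info;
    memset(&info, 0, sizeof info);
    info.uid = uid;
    info.match = 0x01;
    return model_checkentry(&info, ALIGN_UP(sizeof info));
}

int main(void)
{
    printf("old userspace: %d\n", submit_old_userspace(1000));
    printf("new userspace: %d\n", submit_new_userspace(1000));
    return 0;
}
```

The uid-only rule never touches `comm`, yet the old layout is still rejected because the check compares sizes before looking at any field.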
Comment 1 Bill Nottingham 2003-01-13 16:11:47 EST
fixed in 1.2.7a-1
