Bug 91374 - Add support for Linux 2.4.20/2.5 owner match
Summary: Add support for Linux 2.4.20/2.5 owner match
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables   
(Show other bugs)
Version: 7.3
Hardware: athlon
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Ben Levenson
URL: https://bugzilla.redhat.com/bugzilla/...
Whiteboard:
Keywords: Security
: 91500 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-05-21 23:31 UTC by Tulipánt Gergely
Modified: 2007-04-18 16:53 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-07-03 09:37:34 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Tulipánt Gergely 2003-05-21 23:31:53 UTC
Description of problem:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=79249

--quote------------------------------------------------------------
Description of Problem:
Linux 2.4.20 and 2.5 (apparently starting from 2.5.32) extend the owner match to
support to allow matching on the process "comm" name and does so by enlarging
the structure used to pass owner match data.
This means that versions of iptables not updated to support the new kernels are
unable to use owner match at all (because the kernel check the struct size).

This is apparently fixed in iptables 1.2.7a: please upgrade or backport the patch.

Version-Release number of selected component (if applicable):
iptables-1.2.6a-2

How Reproducible:
Every time.

Steps to Reproduce:
1. Boot Linux 2.4.20, 2.5.32 or later
2. iptables -A OUTPUT -m owner --uid-owner <uid> -j DROP

Actual Results:
"iptables: Invalid argument"

Expected Results:
iptables succeeds and the rule is enacted

------- Additional Comment #1 From Bill Nottingham on 2003-01-13 16:11 -------

fixed in 1.2.7a-1

--/qoute------------------------------------------------------------

Version-Release number of selected component (if applicable):
iptables-1.2.5-3

Comment 1 Jason Burgess 2003-05-27 16:17:21 UTC
*** Bug 91500 has been marked as a duplicate of this bug. ***

Comment 2 Thomas Woerner 2003-07-03 09:37:34 UTC
Fixed in the new 1.2.8-4.x version. This version has a new startup script and an
additional config file.


/etc/sysconfig/iptables-config:
> # Additional iptables modules (nat helper)
> # Default: -empty-
> #IPTABLES_MODULES="ip_nat_ftp"
> 
> # Save current firewall rules on stop.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_STOP="no"
> 
> # Save current firewall rules on restart.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_RESTART="no"
> 
> # Save rule counter.
> # Value: yes|no,  default: yes
> #IPTABLES_SAVE_COUNTER="yes"
> 
> # Numeric status output
> # Value: yes|no,  default: no
> #IPTABLES_STATUS_NUMERIC="no"


RPM packages for 7.x:
http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm

RPM packages for 8.0:
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm

RPM packages for 9:
http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm



Note You need to log in before you can comment on or make changes to this bug.