Commit 7c6d4f8c authored by Daniel Borkmann's avatar Daniel Borkmann Committed by Greg Kroah-Hartman

netfilter: x_tables: allow to use default cgroup match

commit caa8ad94 upstream.

There's actually no good reason why we cannot use cgroup id 0,
so lets just remove this artificial barrier.
Reported-by: default avatarAlexey Perevalov <a.perevalov@samsung.com>
Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
Tested-by: default avatarAlexey Perevalov <a.perevalov@samsung.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent d0b41615
...@@ -31,7 +31,7 @@ static int cgroup_mt_check(const struct xt_mtchk_param *par) ...@@ -31,7 +31,7 @@ static int cgroup_mt_check(const struct xt_mtchk_param *par)
if (info->invert & ~1) if (info->invert & ~1)
return -EINVAL; return -EINVAL;
return info->id ? 0 : -EINVAL; return 0;
} }
static bool static bool
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment