netfilter: x_tables: allow to use default cgroup match There's actually no good reason why we cannot use cgroup id 0, so lets just remove this artificial barrier. Reported-by: Alexey Perevalov <a.perevalov@samsung.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Tested-by: Alexey Perevalov <a.perevalov@samsung.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

commit: caa8ad94edf686d02b555c65a6162c0d1b434958 [log] [tgz]
author: Daniel Borkmann <dborkman@redhat.com> Mon Aug 18 15:46:28 2014 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> Tue Aug 19 21:38:55 2014 +0200
tree: 848285c5619d4d1b1c14d8c15428c514ed25d5af
parent: 8993cf8edf42527119186b558766539243b791a5 [diff] [blame]
diff --git a/net/netfilter/xt_cgroup.c b/net/netfilter/xt_cgroup.c
index f4e8330..7198d66 100644
--- a/net/netfilter/xt_cgroup.c
+++ b/net/netfilter/xt_cgroup.c

@@ -31,7 +31,7 @@
 	if (info->invert & ~1)
 		return -EINVAL;
 
-	return info->id ? 0 : -EINVAL;
+	return 0;
 }
 
 static bool
commit	caa8ad94edf686d02b555c65a6162c0d1b434958	[log] [tgz]
author	Daniel Borkmann <dborkman@redhat.com>	Mon Aug 18 15:46:28 2014 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Tue Aug 19 21:38:55 2014 +0200
tree	848285c5619d4d1b1c14d8c15428c514ed25d5af
parent	8993cf8edf42527119186b558766539243b791a5 [diff] [blame]