Paweł Sikora wrote:
> Dnia środa, 16 listopada 2005 16:44, napisałeś:
> 
>>Pawel Sikora wrote:
>>
>>>I have installed a 2.6.14.2 kernel + grsecurity-2.1.7-2.6.14.2-$latest,
>>>libnfnetlink-0.0.13 and libnetfilter_conntrack-0.0.28.
>>>
>>>./ctnl_test fails:
>>>
>>>Test for libnetfilter_conntrack
>>>
>>>NFNETLINK answers: Invalid argument
>>>TEST 1: create conntrack (-22)
>>>TEST 2: dump conntrack table and reset (-22)
>>>TEST 3: dump conntrack table (-22)
>>>TEST 4: get conntrack (-22)
>>>TEST 5: update conntrack (-22)
>>>NFNETLINK answers: Invalid argument
>>>TEST 6: delete conntrack (-22)
>>>nfnl_open: bind(netlink): Operation not permitted
>>>Can't open handler
>>>Test failed with error -2. Errors=7
>>>
>>>Is this a grsec issue?
>>
>>Hard to say, my last contact with grsec was years ago. That output is
>>kind of weird. Could you try reverting the grsec patch?
> 
> 
> currently I get the same error on 2.6.14.2 without grsec on root account.
> first failure occurs at first call of nfnl_talk().

There's nothing wrong in nfnl_talk. It is the kernel that is returning
-EINVAL to userspace. Please apply the patch attached. It enables
debugging. Send me the output since I'm not able to reproduce that
problem that you're reporting. BTW, is that a x86 box?

-- 
Pablo