[PATCH nftables,v2] datatype: skip cgroupv2 rootfs in listing

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nftables,v2] datatype: skip cgroupv2 rootfs in listing
@ 2021-05-18 12:38 Pablo Neira Ayuso
  0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2021-05-18 12:38 UTC (permalink / raw)
  To: netfilter-devel

cgroupv2 path is expressed from the /sys/fs/cgroup, update listing
to skip the rootfs.

 # nft add rule x y socket cgroupv2 level 1 "user.slice" counter
 # nft list ruleset
 table ip x {
        chain y {
                type filter hook input priority filter; policy accept;
                socket cgroupv2 level 1 "user.slice" counter
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: update commit description.

 src/datatype.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/datatype.c b/src/datatype.c
index 743505de44b6..7267d60895d8 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -1382,7 +1382,8 @@ static void cgroupv2_type_print(const struct expr *expr,
 
 	cgroup_path = cgroupv2_get_path(SYSFS_CGROUPSV2_PATH, id);
 	if (cgroup_path)
-		nft_print(octx, "\"%s\"", cgroup_path);
+		nft_print(octx, "\"%s\"",
+			  &cgroup_path[strlen(SYSFS_CGROUPSV2_PATH) + 1]);
 	else
 		nft_print(octx, "%" PRIu64, id);
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2021-05-18 12:38 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-05-18 12:38 [PATCH nftables,v2] datatype: skip cgroupv2 rootfs in listing Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).