On 2026-02-27, at 20:14:58 +0100, Guilhem Moulin wrote:
Control: tag -1 upstream Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1830I'm not entirely sure it's the same issue since I install guest firewalls via libvirt hooks, but that setup is also broken since the libxtables12 upgrade. The userspace executable exits with status 111, which appears to be due to this commit: https://salsa.debian.org/pkg-netfilter-team/pkg-iptables/-/commit/a2a733e9f0da779bbe009736644f4481e22ca3d1 Reverting the change fixes the issue in my case. I see this has been reported upstream at https://bugzilla.netfilter.org/show_bug.cgi?id=1830 , and upstream reverted the change in commit 6fff7039c06f0084ed35d7a73a6784ef0c12619e on the master branch. Probably worth cherry-picking that revert in -2?
Reviewing the changes in 1.8.12, I thought that a2a733e9f0da
("libxtables: refuse to run under file capabilities") seemed the likely
candidate, but I had been unable to reproduce the problem. Thanks for
the confirmation. I will prepare -2.
J.
signature.asc
Description: PGP signature
