Don't create rules with NLM_F_EXCL.

Some operations, such as changing a network's permissions, rely
on make-before-break, and in some cases create rules that are
identical to the ones that already exist. Starting around 4.9,
the kernel fails these operations with EEXIST.

We can't just ignore the EEXISTs because if we get EEXIST it
means that the rule was not created, but we'll think it was,
and later on we'll trip up trying to delete it.

It would be possible to refactor the code to ensure that these
no-op operations are never performed, but we would probably have
to pass a lot more state around to deal with only a few corner
cases.

Fix: 69607866
Test: builds
Change-Id: I1b563243b615daa73a2d9f527f77608df1f56251
2 files changed
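
The failure mode described in the commit message, as an added example: a simplified user-space model, not code from this change or from the kernel. The `rule` struct, the function names and the sample values are hypothetical, and the model assumes that without `NLM_F_EXCL` an identical rule is accepted as a second entry and that one delete removes one matching entry.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifndef NLM_F_EXCL            /* same values as <linux/netlink.h> */
#define NLM_F_EXCL   0x200
#define NLM_F_CREATE 0x400
#endif
#define MAX_RULES 8
/* Hypothetical, reduced rule: real rules carry more selectors. */
struct rule { unsigned prio, table, fwmark; };
struct rule_table { struct rule r[MAX_RULES]; int n; };
static int same(const struct rule *a, const struct rule *b) { return !memcmp(a, b, sizeof(*a)); }
int rule_count(const struct rule_table *t, const struct rule *r) {
    int c = 0;
    for (int i = 0; i < t->n; i++) c += same(&t->r[i], r);
    return c;
}
/* Model assumption: only NLM_F_EXCL makes an identical rule fail. */
int rule_add(struct rule_table *t, const struct rule *r, int flags) {
    if ((flags & NLM_F_EXCL) && rule_count(t, r) > 0) return -EEXIST;
    if (t->n == MAX_RULES) return -ENOSPC;
    t->r[t->n++] = *r;
    return 0;
}
/* Deletes one matching entry, like a single delete request. */
int rule_del(struct rule_table *t, const struct rule *r) {
    for (int i = 0; i < t->n; i++) {
        if (!same(&t->r[i], r)) continue;
        memmove(&t->r[i], &t->r[i + 1], (t->n - i - 1) * sizeof(*r));
        t->n--;
        return 0;
    }
    return -ENOENT;
}
/* No-op make-before-break (old == new); returns copies left or -errno. */
int noop_update(int add_flags, int ignore_eexist) {
    struct rule_table t = { .n = 0 };
    struct rule r = { 13000, 1002, 0x10064 };   /* constructed sample values */
    int err = rule_add(&t, &r, NLM_F_CREATE);   /* rule already installed */
    if (!err) err = rule_add(&t, &r, add_flags);            /* make */
    if (err == -EEXIST && ignore_eexist) err = 0;
    if (!err) err = rule_del(&t, &r);                       /* break */
    return err ? err : rule_count(&t, &r);
}
int main(void) {
    printf("%d %d %d\n", noop_update(NLM_F_CREATE | NLM_F_EXCL, 0), noop_update(NLM_F_CREATE | NLM_F_EXCL, 1), noop_update(NLM_F_CREATE, 0));
    return 0;
}
```

In the second case the update reports success with zero copies installed, so the caller's bookkeeping says the rule exists when it does not, and a later delete of it fails.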