Re: [patch] update: _working_ code to add device+inode check to ipt_owner.c

From: Chris Wright
Date: Thu Sep 09 2004 - 11:20:47 EST

Next message: Alan Cox: "Fixing the holes in the tty layer"
Previous message: Luke Kenneth Casson Leighton: "[patch] update: _working_ code to add device+inode check to ipt_owner.c"
In reply to: Luke Kenneth Casson Leighton: "[patch] update: _working_ code to add device+inode check to ipt_owner.c"
Next in thread: Luke Kenneth Casson Leighton: "Re: [patch] update: _working_ code to add device+inode check to ipt_owner.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Luke Kenneth Casson Leighton (lkcl@xxxxxxxx) wrote:
> wow, gosh, it works.
>
> okay, this is a patch to add support in iptables for per-program
> firewall filtering.
>
> also included is the patches to iptables-1.2.11.
>
> i have confidence that this patch will provide support for
> BOTH incoming AND outgoing per-program packet filtering.

Programs can share a socket. Incoming is in interrupt context. You
have no idea who will be woken up. How do you handle this?

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Fixing the holes in the tty layer"
Previous message: Luke Kenneth Casson Leighton: "[patch] update: _working_ code to add device+inode check to ipt_owner.c"
In reply to: Luke Kenneth Casson Leighton: "[patch] update: _working_ code to add device+inode check to ipt_owner.c"
Next in thread: Luke Kenneth Casson Leighton: "Re: [patch] update: _working_ code to add device+inode check to ipt_owner.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]