Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c

From: Patrick McHardy
Date: Sat Sep 11 2004 - 07:54:04 EST

Next message: Bjoern Brauel: "Re: Major XFS problems..."
Previous message: Mike Mestnik: "Re: radeon-pre-2"
In reply to: Luke Kenneth Casson Leighton: "[PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Next in thread: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Luke Kenneth Casson Leighton wrote:

decided to put this into a separate module. based on ipt_owner.c.
does full program's pathname. like ipt_owner, only suitable for
outgoing connections.

I agree that it would be useful to match the full path, but
the patch is broken, as are the owner match's pid-, sid- and
command-matching options. You can't grab files->file_lock
outside of process context. Besides, we want to consolidate
functionality, not add new matches that do basically the same
as existing ones.

Regards
Patrick
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bjoern Brauel: "Re: Major XFS problems..."
Previous message: Mike Mestnik: "Re: radeon-pre-2"
In reply to: Luke Kenneth Casson Leighton: "[PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Next in thread: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]