Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c

From: Luke Kenneth Casson Leighton
Date: Sat Sep 11 2004 - 08:19:24 EST

Next message: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Previous message: Tonnerre: "Re: swsusp: progress in percent"
In reply to: Patrick McHardy: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Next in thread: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Sep 11, 2004 at 02:51:24PM +0200, Patrick McHardy wrote:
> Luke Kenneth Casson Leighton wrote:
> >decided to put this into a separate module. based on ipt_owner.c.
> >does full program's pathname. like ipt_owner, only suitable for
> >outgoing connections.
>
> I agree that it would be useful to match the full path, but
> the patch is broken, as are the owner match's pid-, sid- and
> command-matching options. You can't grab files->file_lock
> outside of process context.

what should be done instead?

what code is there around that i can copy that does a proper job?

l.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Previous message: Tonnerre: "Re: swsusp: progress in percent"
In reply to: Patrick McHardy: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Next in thread: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]