Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c

From: Luke Kenneth Casson Leighton
Date: Sat Sep 11 2004 - 08:24:32 EST


On Sat, Sep 11, 2004 at 02:29:35PM +0100, Luke Kenneth Casson Leighton wrote:
> On Sat, Sep 11, 2004 at 02:51:24PM +0200, Patrick McHardy wrote:
> > Luke Kenneth Casson Leighton wrote:
> > >decided to put this into a separate module. based on ipt_owner.c.
> > >does full program's pathname. like ipt_owner, only suitable for
> > >outgoing connections.
> >
> > I agree that it would be useful to match the full path, but
> > the patch is broken, as are the owner match's pid-, sid- and
> > command-matching options. You can't grab files->file_lock
> > outside of process context.

Thing is, you see, I know just enough to be dangerous.

Using files->file_lock a) seems to work and b) is accepted code in the
kernel.

If someone else has the experience and knowledge to fix ipt_owner.c,
I'll quite happily cut/paste that instead - once it's fixed.

In the meantime...

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/