Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c

• Previous message: Mike Mestnik: "Re: radeon-pre-2"
• In reply to: Luke Kenneth Casson Leighton: "[PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
• Next in thread: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
• Reply: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
• Reply: Gianni Tedesco: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date:	Sat, 11 Sep 2004 14:51:24 +0200
To: Luke Kenneth Casson Leighton <lkcl@lkcl.net>

Luke Kenneth Casson Leighton wrote:
> decided to put this into a separate module. based on ipt_owner.c.
> does full program's pathname. like ipt_owner, only suitable for
> outgoing connections.

I agree that it would be useful to match the full path, but
the patch is broken, as are the owner match's pid-, sid- and
command-matching options. You can't grab files->file_lock
outside of process context. Besides, we want to consolidate
functionality, not add new matches that do basically the same
as existing ones.

Regards
Patrick
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Previous message: Mike Mestnik: "Re: radeon-pre-2"
• In reply to: Luke Kenneth Casson Leighton: "[PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
• Next in thread: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
• Reply: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
• Reply: Gianni Tedesco: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: [PATCH] incomplete dependencies with BK tree (was: Anyone got aic7xxx working with 2.4.26?) ... > able to generate the stdarg.h pathname pretty easily, ... > (and that may depend on gcc versions too, ... mkdep barf if it cannot open a file it was given? ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: [PATCH 2.6.5-mm4] sys_access race fix ... Fabian Frederick wrote: ... point is simply that there's implicit permission check in ... accesscheck verifies access to the pathname using the ruid not euid. ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c ... Luke Kenneth Casson Leighton wrote: ... > kernel. ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: how do you call userspace syscalls (e.g. sys_rename) from inside kernel ... On Fri, 2004-10-08 at 16:18 +0100, Luke Kenneth Casson Leighton wrote: ... > etc. - everything that does file access. ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: whats next for the linux kernel? ... On Wed, Oct 05 2005, Luke Kenneth Casson Leighton wrote: ... >> It's not my opinion, I'm stating historical fact. ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel)