lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 14 Dec 2015 20:37:55 +0100
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	Tejun Heo <tj@...nel.org>
Cc:	davem@...emloft.net, kaber@...sh.net, kadlec@...ckhole.kfki.hu,
	daniel@...earbox.net, daniel.wagner@...-carit.de,
	nhorman@...driver.com, lizefan@...wei.com, hannes@...xchg.org,
	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
	coreteam@...filter.org, cgroups@...r.kernel.org,
	linux-kernel@...r.kernel.org, kernel-team@...com, ninasc@...com,
	Jan Engelhardt <jengelh@...i.de>
Subject: Re: [PATCH 8/8] netfilter: implement xt_cgroup cgroup2 path match

On Mon, Dec 07, 2015 at 05:38:55PM -0500, Tejun Heo wrote:
> This patch implements xt_cgroup path match which matches cgroup2
> membership of the associated socket.  The match is recursive and
> invertible.

Applied, thanks.

I shared the same concerns as Florian regarding the large size of the
path field in iptables, but given that we expose the layout of our
internal representation there (which is bad in terms of
extensibility), the only solution that I can see is to artificially
limitate the size of that field, but that may break users depending on
the scenario.

Hopefully, we should be able to provide something better in nf_tables
to address this.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists