Hi Stephen,

> On 08/25/2011 05:44 PM, Stephen Hemminger wrote:
>> What about using netfilter (with extensions)? We already have iptables
>> module to match on uid or gid. It wouldn't be hard to extend this to
>> other bits of meta data like originating and target containers.
>
> From reading the man pages the "owner" extension of netfilter would only
> allow to match on outgoing traffic. Would it be possible to extend this
> to also match on incoming traffic? Sorry to be completely ignorant here.

I just realized that the "owner" extension is "only" matching on UID/GID.
For the thing I would like to solve, the match should be on PID.

IIRC the "owner" extension supported this feature but it was removed [1].

thanks,
daniel

[1] http://www.mail-archive.com/git-commits-head@xxxxxxxxxxxxxxx/msg00486.html

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers