From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman) Date: Fri, 19 Jun 2015 10:41:21 -0500 > > Currenlty nf_tables chains added in one network namespace are being > run in all network namespace. The issues are myriad with the simplest > being an unprivileged user can cause any network packets to be dropped. > > Address this by simply not running nf_tables chains in the wrong > network namespace. > > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> Applied. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
