Re: [PATCH v2] Root in namespace owns x_tables /proc entries

Hi Philip,

On Sat, 14 Nov 2015, Philip Whineray wrote:

> Since it's in danger of getting quite complicated, would one or more of
> the following be acceptable?
> 
> - Choose permission in a module parameter
> 
> - Allow setting with sysctl e.g. net.netfilter.conf.xtable_proc_perms
> 
> - Match permissions of /proc/modules (grsec restricts these so we will
>   gain the same policy).

In my opinion either one is good and I'd pick the sysctl setting. That way 
the permissions could be changed without reloading the module and 
independently of the permissions of /proc/modules.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary