Topi Miettinen <toiwoton@xxxxxxxxx> wrote: > Would it be possible to add such checks in the future? We could add socket skuid, socket skgid, its not hard. > Note that the kernel may accept expressions without errors even if it > doesn't implement the feature. For example, input chain filters using > expressions such as *meta skuid*, *meta skgid*, *meta cgroup* or Those can not be made to work. > *socket cgroupv2* are silently accepted but they don't work reliably socket should work, at least for tcp and udp. The cgroupv2 is buggy. I sent a patch, feel free to test it.
