In the to mount.cifs(8) we can read the following:
mount.cifs causes the cifs vfs to launch a thread named cifsd. After mounting
it keeps running until the mounted resource is unmounted (usually via the
umount utility).
This cifsd tries to connect to the 445/tcp port. For people who don't filter
OUTPUT there's no big deal, but for people who do filter OUTPUT there's a little
problem with handling such kernel threads.
Basically I'm using cgrulesengd to add processes to the net_cls cgroup and mark
them using different net_cls.classid for different user processes. Then I add
rules similar to *meta cgroup { n }...* and all the filtering works well. But
I was unable to catch this cifsd process. So the question is: how to do it? Is
it even possible?
