Re: Systemd, cgroupsv2, cgrulesengd, and nftables

On 15.06.2024 14:02, Mikhail Morfikov wrote:

But there are no curl pids in /sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/cgroup.procs .
To be more specific, there are no pids at all in this cgroup.procs file. The curl pids are under

#  cat /sys/fs/cgroup/morfikownia/user/curl/pids.current
1

#  cat /sys/fs/cgroup/morfikownia/user/curl/cgroup.procs
44907

And this cgroup path (morfikownia/user/curl/) is permitted in nftables, and
yet packets are sometimes visible as if they had the user.slice/user-1000.slice/user@1000.service/
path set. Why?

Because curl starts in this hierarchy and attempts a network connection before your daemon moves curl into a different cgroup. It is just as good a stab in the dark as any other.
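
One way to avoid the race described in the reply, shown as an added example that is not part of the original message: the launcher joins the target cgroup itself and only then execs the command, so the process never opens a socket while still in the cgroup it was started from. It assumes the caller has permission to migrate itself into that cgroup; `run_in_cgroup` and `current_cgroup` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original thread.

# run_in_cgroup CGROUP_DIR COMMAND [ARGS...]
# Joins CGROUP_DIR first, then execs COMMAND in the same process, so the
# command never runs (or creates a socket) in the cgroup it was launched
# from and no daemon has to move it afterwards.
run_in_cgroup() {
    cg_dir=$1
    shift
    if [ ! -w "$cg_dir/cgroup.procs" ]; then
        echo "run_in_cgroup: cannot write $cg_dir/cgroup.procs" >&2
        return 1
    fi
    # A child sh is used so that $$ is the PID that will become COMMAND.
    # In a plain ( ... ) subshell, $$ would still be the parent's PID.
    sh -c '
        cg_procs=$1/cgroup.procs
        shift
        echo "$$" > "$cg_procs" || exit 1
        exec "$@"
    ' sh "$cg_dir" "$@"
}

# current_cgroup [PID]
# Prints the cgroup v2 path of a process (the "0::" line of /proc/PID/cgroup).
# With no argument it reports the cgroup the caller's children inherit.
current_cgroup() {
    sed -n 's/^0:://p' "/proc/${1:-self}/cgroup"
}

# Usage with the cgroup path quoted in the thread (assumes write access):
#   run_in_cgroup /sys/fs/cgroup/morfikownia/user/curl curl -sS https://example.org/
```

Because the PID is written before `exec`, the first instruction curl executes already runs inside the permitted cgroup.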



