netfilter: nftables: Do not run chains in the wrong network namespace - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Eric W. Biederman <[email protected]>	2015-06-19 10:41:21 -0500
committer	David S. Miller <[email protected]>	2015-06-23 06:23:22 -0700
commit	fdab6a4cbd8933092155449ca7253eba973ada14 (patch)
tree	e828a7a7716d382cc0ad63f21fe448b78584ac7a /tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/Util.py
parent	dfe816c5e37272f2f3c1311f0e9934e1b4229261 (diff)

netfilter: nftables: Do not run chains in the wrong network namespace

Currenlty nf_tables chains added in one network namespace are being run in all network namespace. The issues are myriad with the simplest being an unprivileged user can cause any network packets to be dropped. Address this by simply not running nf_tables chains in the wrong network namespace. Cc: [email protected] Signed-off-by: "Eric W. Biederman" <[email protected]> Acked-by: Pablo Neira Ayuso <[email protected]> Signed-off-by: David S. Miller <[email protected]>

Diffstat (limited to 'tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/Util.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: