[Devel] Re: LSM stacking/secondary modules / RFC: Socket MAC LSM
Paul Menage
menage at google.com
Thu Jan 15 09:25:34 PST 2009
On Thu, Jan 15, 2009 at 5:57 AM, Stephan Peijnik <stephan at peijnik.at> wrote:
>
> So Paul, do you think the interface would be of any use to you?
Potentially, yes. My concern was that we not add another new
(incomplete) userspace API in cgroups for doing socket permissions -
hooking into iptables was one way to do it, but if sactl is going to
become the official way to do this, then hooking a cgroups filter into
that seems like a good alternative.
Paul
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list