[Devel] [PATCH] netfilter: get UID and GID from container user ns on rule match
Stanislav Kinsburskiy
skinsbursky at virtuozzo.com
Tue Jun 6 13:28:15 MSK 2017
06.06.2017 12:27, Cyrill Gorcunov wrote:
> On Tue, Jun 06, 2017 at 01:23:55PM +0300, Cyrill Gorcunov wrote:
>> On Tue, Jun 06, 2017 at 02:00:32PM +0400, Stanislav Kinsburskiy wrote:
>>> It's good enough for us. It won't work properly in case of setting rules by
>>> joining container network namespace without VE cgroup, but it's acceptable,
>>> because proper fix needs a lot of backporting.
>>>
>>> https://jira.sw.ru/browse/PSBM-43609
>>>
>>> Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
>> Reviewed-by: Cyrill Gorcunov <gorcunov at openvz.org>
> This should do the trick on one-level user-ns at least. Should be enough
> for now, but in the long-term perspective we might still need to backport
> the complete user-ns rework as in vanilla.
Agreed.