From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755130Ab2GaClh (ORCPT ); Mon, 30 Jul 2012 22:41:37 -0400 Received: from cantor2.suse.de ([195.135.220.15]:53601 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752029Ab2GaClg (ORCPT ); Mon, 30 Jul 2012 22:41:36 -0400 Date: Tue, 31 Jul 2012 12:41:21 +1000 From: NeilBrown To: "C. Schmid" Cc: linux-kernel@vger.kernel.org Subject: Re: Complaint - pid-owner Support Removed (CONFIG_NETFILTER_XT_MATCH_OWNER) Message-ID: <20120731124121.5fe10478@notabene.brown> In-Reply-To: <5016DEE2.1060900@gmx.de> References: <5016DEE2.1060900@gmx.de> X-Mailer: Claws Mail 3.7.10 (GTK+ 2.24.7; x86_64-suse-linux-gnu) Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/.5zkL8h63KwXClON07o4byJ"; protocol="application/pgp-signature" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --Sig_/.5zkL8h63KwXClON07o4byJ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Mon, 30 Jul 2012 21:22:10 +0200 "C. Schmid" wrote: > Hello, >=20 > i want to complain about the removal of the --pid-owner Support for=20 > iptables. >=20 > As far as i understand it this support was just removed without replaceme= nt. Yes, 7 years ago. http://git.kernel.org/?p=3Dlinux/kernel/git/torvalds/linux.git;a=3Dcommitdi= ff;h=3D34b4a4a624bafe089107966a6c56d2a1aca026d4 "Unfixably broken" What problem are you trying to solve? I suspect you would be able to solve it by dedicating a group-id to the program that you want to allow through t= he firewall, and making sure it runs with that group-id. (ignoring remainder of email as it seems to be more emotional than factual). NeilBrown >=20 > I would have expected, that if anything you would have improved the=20 > support for pid's and especially for desktop firewalls. >=20 > But it seems that some rumors, like you only care for 'big iron' are not= =20 > that easily dismissed. >=20 > I would encourage you to at least try to keep up with essential feature=20 > support, especially when it comes to desktop firewalls (for example=20 > zonealarm). >=20 > I believe focusing on server infrastucture while abandoning desktop=20 > infrastructure will not do much good in mid and long term. >=20 >=20 >=20 > Sincerly >=20 >=20 > Christian Schmid > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ --Sig_/.5zkL8h63KwXClON07o4byJ Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iQIVAwUBUBdF0Tnsnt1WYoG5AQLFWxAAlh+HpU1d66zxzNmBHBngC/fq7e+cp8rF ZX8xEgWELRJIMgCZzx1DgjPKB12UNrdHxxZdoX92/xON2Fvmm/1SghtudfoDBjYZ 2fyxrLVBAc3K9bC8hpkNGaFzA/lrhaH2HxGkSpErlFxLKQBnFsDPC9MeX3y3ufGL pTQsepuyCDpxtjeASUBtaHj2HsYlcFl6/m9FwGgL5SUPbul8HeJVHH7INtRKQfA1 Xpip6LVKuW1UmGicfEyaTxcWlJLN6qZ85TFuYf1rXY9Nzg/XUz3MHiZnBMRgWtIg ERLDRfmQGcgZyCXvz7WP5nkDN3w3VZeFBw17p4G0JIB8SDE1FVpjTdcdjFkiY5ts nPkOAv4fi10OWX1sl9DQKb7NSn6vSl/CCCylgXS410grd9zDOmp8IRlam1oQE+KU 9EvksLLAi3vCls+lw8gtDOmYBUaNGzd6raB11BGSuEY271RurtqixvzPggxQJ3Qs vHfJkyd9l6X+/eKyyV2xtBGjY+OdCu6Pof0Qrny8a/8G8OW0WzTxDsAYS7ts706F Zv3SdEIdpmFQq23T17Ue+ntMAPU7E4kA/UQmuDJK16vwgmKygxTYqLrb9PqnsPAa hLqL3M5XE8HexC6YaGwwP1hwwu6E7vKYo9janJZQ7ARO/qOkS7DN+qoZzCw3CIXd 4Z3DtxXorVY= =UyID -----END PGP SIGNATURE----- --Sig_/.5zkL8h63KwXClON07o4byJ--