netfilter: xt_qtaguid: add uid permission checks during ctrl/stats access - snowball/legacy-kernel.git

diff options

author	JP Abgrall <jpa@google.com>	2011-07-17 16:07:23 -0700
committer	JP Abgrall <jpa@google.com>	2011-07-21 18:04:46 -0700
commit	0b893f0f37736c1e26655f04d51706dfba417171 (patch)
tree	05cb4754030b59b9ed6a72843b830098ae8f056c /security
parent	c477e60b6689d36121f7cabaea449c4014705078 (diff)

netfilter: xt_qtaguid: add uid permission checks during ctrl/stats access

* uid handling - Limit UID impersonation to processes with a gid in AID_NET_BW_ACCT. This affects socket tagging, and data removal. - Limit stats lookup to own uid or the process gid is in AID_NET_BW_STATS. This affects stats lookup. * allow pacifying the module Setting passive to Y/y will make the module return immediately on external stimulus. No more stats and silent success on ctrl writes. Mainly used when one suspects this module of misbehaving. Change-Id: I83990862d52a9b0922aca103a0f61375cddeb7c4 Signed-off-by: JP Abgrall <jpa@google.com>

Diffstat (limited to 'security')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: