hey so, linux firewall question: is there a way to make packets from an application with basename "foo" go directly to eth0 but everything else go via the default route? censorship resistance doesn't play well with low latency
any process info you want to access on write() must be captured at open time, and should be cheap to store.
files have an ->f_cred pointer. creds are only duplicated on privilege transition, so the kernel doesn't have to store many, but they can't contain a process name.)
(so if you feel like writing kernel code, a way to implement this in a less hacky way might be to use SELinux or AppArmor to do an automatic domain transition on file execution, and then add code to xt_owner and SELinux/AppArmor that permits matching on the domain from netfilter)
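The thread's point is that netfilter cannot see a process name, only the credentials attached to the socket, so the practical userspace route is to run the application under its own uid and match on that. As an added example (not from anyone in the thread), the script below emits an nftables ruleset that marks packets whose socket owner is a dedicated user via `meta skuid` (the nft counterpart of xt_owner's `--uid-owner`), plus the `ip rule`/`ip route` commands that send marked packets out of a separate routing table. Everything is an assumption for illustration: the user name `foo`, the interface `eth0`, the gateway `192.0.2.1` (a documentation address), mark `0x1` and table `100` are constructed defaults and can be overridden through environment variables. Without `--apply` it only prints the configuration; with `--apply` as root it loads it.

```shell
#!/bin/sh
# Added example, not part of the thread: steer one user's traffic out of a
# chosen interface with an nftables socket-owner mark and policy routing.
# Assumed/constructed values: user "foo", interface eth0, gateway 192.0.2.1,
# fwmark 0x1, routing table 100. Override via environment if needed.
APP_USER="${APP_USER:-foo}"
OUT_IF="${OUT_IF:-eth0}"
GATEWAY="${GATEWAY:-192.0.2.1}"
FWMARK="${FWMARK:-0x1}"
TABLE="${TABLE:-100}"

# nftables ruleset. The "route" chain type on the output hook makes the
# kernel re-run the routing decision after the mark is set; the postrouting
# masquerade rewrites the source address, which was picked at connect() time
# for the original default route and would otherwise be wrong on $OUT_IF.
nft_ruleset() {
  cat <<EOF
table inet appmark {
  chain output {
    type route hook output priority mangle; policy accept;
    meta skuid "$APP_USER" meta mark set $FWMARK
  }
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    oifname "$OUT_IF" meta mark $FWMARK masquerade
  }
}
EOF
}

# Policy routing: marked packets consult table $TABLE, whose only default
# route points at the gateway on $OUT_IF; everything else keeps table main.
ip_rules() {
  cat <<EOF
ip route replace default via $GATEWAY dev $OUT_IF table $TABLE
ip rule add fwmark $FWMARK lookup $TABLE
EOF
}

# Print by default; apply only when asked and running as root.
if [ "${1:-}" = "--apply" ]; then
  [ "$(id -u)" -eq 0 ] || { echo "--apply requires root" >&2; exit 1; }
  nft_ruleset | nft -f -
  ip_rules | sh -e
else
  nft_ruleset
  ip_rules
fi
```

Start the application with something like `sudo -u foo ./foo` so its sockets carry that uid; the match is on the socket's credentials, exactly as the replies above describe, so a process that merely has "foo" as its basename but runs as another user is not affected. Note that `ip rule add` is not idempotent, so re-running `--apply` stacks duplicate rules; delete the old one first if you script this into a service.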