From: David Ahern <dsah...@gmail.com> Date: Fri, 25 Aug 2017 12:05:33 -0700
> Add option to set mark and priority in addition to bound device for newly > created sockets. Also, allow the bpf programs to use the get_current_uid_gid > helper meaning socket marks, priority and device can be set base on the > uid/gid of the running process. > > For flexbility in deploying these programs, option is added to allow cgroups > to be walked from current to root running any program attached. This allows > one cgroup level to control the device a socket is bound to (e.g, a VRF) while > cgroups can be used to set socket marks and priority. > > Sample programs are updated to demonstrate the new options. > > v2 > - added flag to control recursive behavior as requested by Alexei > - added comment to sock_filter_func_proto regarding use of > get_current_uid_gid helper > - updated test programs for recursive option I'm marking this patch series as "deferred" while the semantic issues keep getting discussed. Thanks.
