On Fri, Jun 19, 2015 at 10:41:21AM -0500, Eric W. Biederman wrote: > > Currenlty nf_tables chains added in one network namespace are being > run in all network namespace. The issues are myriad with the simplest > being an unprivileged user can cause any network packets to be dropped. > > Address this by simply not running nf_tables chains in the wrong > network namespace. > > Cc: [email protected] > Signed-off-by: "Eric W. Biederman" <[email protected]>
Acked-by: Pablo Neira Ayuso <[email protected]> @David: Patrick sent a similar patch to address this, if you can get this into the net tree, I'll make sure this propagates to -stable. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in
