Re: Complaint - pid-owner Support Removed (CONFIG_NETFILTER_XT_MATCH_OWNER)
On Tue, 31 Jul 2012 12:41:21 +1000, NeilBrown said: > On Mon, 30 Jul 2012 21:22:10 +0200 "C. Schmid" > wrote: > > i want to complain about the removal of the --pid-owner Support for > > iptables. > > As far as i understand it this support was just removed without replacement. > > Yes, 7 years ago. > "Unfixably broken" Even *before* it was removed, it declared itself "broken on SMP" (which is a good hint on exactly *why* it was unfixable), and why it's not applicable to most modern desktop systems anyhow - even an iPad is a dual-core. And to be honest, the "Linux only cares about big iron not the desktop" is a total red herring - if anything, many laptops *are* essentially a single-user environment, while big iron boxes are even *more* concerned about per-user issues. I just checked one of the compute clusters across the hall, 1100+ actual users defined. How often do desktops/laptops have that many real live users? pgp9emhwKtjbv.pgp Description: PGP signature
Re: Complaint - pid-owner Support Removed (CONFIG_NETFILTER_XT_MATCH_OWNER)
On Tue, 31 Jul 2012 12:41:21 +1000, NeilBrown said: On Mon, 30 Jul 2012 21:22:10 +0200 C. Schmid christian.schmi...@gmx.de wrote: i want to complain about the removal of the --pid-owner Support for iptables. As far as i understand it this support was just removed without replacement. Yes, 7 years ago. Unfixably broken Even *before* it was removed, it declared itself broken on SMP (which is a good hint on exactly *why* it was unfixable), and why it's not applicable to most modern desktop systems anyhow - even an iPad is a dual-core. And to be honest, the Linux only cares about big iron not the desktop is a total red herring - if anything, many laptops *are* essentially a single-user environment, while big iron boxes are even *more* concerned about per-user issues. I just checked one of the compute clusters across the hall, 1100+ actual users defined. How often do desktops/laptops have that many real live users? pgp9emhwKtjbv.pgp Description: PGP signature
Re: Complaint - pid-owner Support Removed (CONFIG_NETFILTER_XT_MATCH_OWNER)
On Mon, 30 Jul 2012 21:22:10 +0200 "C. Schmid" wrote: > Hello, > > i want to complain about the removal of the --pid-owner Support for > iptables. > > As far as i understand it this support was just removed without replacement. Yes, 7 years ago. http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=34b4a4a624bafe089107966a6c56d2a1aca026d4 "Unfixably broken" What problem are you trying to solve? I suspect you would be able to solve it by dedicating a group-id to the program that you want to allow through the firewall, and making sure it runs with that group-id. (ignoring remainder of email as it seems to be more emotional than factual). NeilBrown > > I would have expected, that if anything you would have improved the > support for pid's and especially for desktop firewalls. > > But it seems that some rumors, like you only care for 'big iron' are not > that easily dismissed. > > I would encourage you to at least try to keep up with essential feature > support, especially when it comes to desktop firewalls (for example > zonealarm). > > I believe focusing on server infrastucture while abandoning desktop > infrastructure will not do much good in mid and long term. > > > > Sincerly > > > Christian Schmid > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ signature.asc Description: PGP signature
Complaint - pid-owner Support Removed (CONFIG_NETFILTER_XT_MATCH_OWNER)
Hello, i want to complain about the removal of the --pid-owner Support for iptables. As far as i understand it this support was just removed without replacement. I would have expected, that if anything you would have improved the support for pid's and especially for desktop firewalls. But it seems that some rumors, like you only care for 'big iron' are not that easily dismissed. I would encourage you to at least try to keep up with essential feature support, especially when it comes to desktop firewalls (for example zonealarm). I believe focusing on server infrastucture while abandoning desktop infrastructure will not do much good in mid and long term. Sincerly Christian Schmid -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Complaint - pid-owner Support Removed (CONFIG_NETFILTER_XT_MATCH_OWNER)
Hello, i want to complain about the removal of the --pid-owner Support for iptables. As far as i understand it this support was just removed without replacement. I would have expected, that if anything you would have improved the support for pid's and especially for desktop firewalls. But it seems that some rumors, like you only care for 'big iron' are not that easily dismissed. I would encourage you to at least try to keep up with essential feature support, especially when it comes to desktop firewalls (for example zonealarm). I believe focusing on server infrastucture while abandoning desktop infrastructure will not do much good in mid and long term. Sincerly Christian Schmid -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Complaint - pid-owner Support Removed (CONFIG_NETFILTER_XT_MATCH_OWNER)
On Mon, 30 Jul 2012 21:22:10 +0200 C. Schmid christian.schmi...@gmx.de wrote: Hello, i want to complain about the removal of the --pid-owner Support for iptables. As far as i understand it this support was just removed without replacement. Yes, 7 years ago. http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=34b4a4a624bafe089107966a6c56d2a1aca026d4 Unfixably broken What problem are you trying to solve? I suspect you would be able to solve it by dedicating a group-id to the program that you want to allow through the firewall, and making sure it runs with that group-id. (ignoring remainder of email as it seems to be more emotional than factual). NeilBrown I would have expected, that if anything you would have improved the support for pid's and especially for desktop firewalls. But it seems that some rumors, like you only care for 'big iron' are not that easily dismissed. I would encourage you to at least try to keep up with essential feature support, especially when it comes to desktop firewalls (for example zonealarm). I believe focusing on server infrastucture while abandoning desktop infrastructure will not do much good in mid and long term. Sincerly Christian Schmid -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ signature.asc Description: PGP signature