From: ebied...@xmission.com (Eric W. Biederman)
Date: Fri, 19 Jun 2015 10:41:21 -0500
>
> Currenlty nf_tables chains added in one network namespace are being
> run in all network namespace. The issues are myriad with the simplest
> being an unprivileged user can cause any network packets to be d
On Fri, Jun 19, 2015 at 10:41:21AM -0500, Eric W. Biederman wrote:
>
> Currenlty nf_tables chains added in one network namespace are being
> run in all network namespace. The issues are myriad with the simplest
> being an unprivileged user can cause any network packets to be dropped.
>
> Address
Currenlty nf_tables chains added in one network namespace are being
run in all network namespace. The issues are myriad with the simplest
being an unprivileged user can cause any network packets to be dropped.
Address this by simply not running nf_tables chains in the wrong
network namespace.
C
