search for: local_peercr

v2 was here: https://www.redhat.com/archives/libguestfs/2020-October/msg00019.html v3: * defence -> defense * Use int64_t instead of int. This compiles on Windows. * Add GC wrappers to OCaml bindings. * New FreeBSD patch. * Removed "pid:" example from the ip filter manual, and added a warning beside the pid documentation. Rich.

...uot;); + } + if (gid && ucred.gid >= 0) { + if (ucred.gid <= INT_MAX) + *gid = ucred.gid; + else + nbdkit_error ("gid out of range: cannot be mapped to int"); + } + + return 0; +} + +#else /* !SO_PEERCRED */ + +/* Note this could be ported to FreeBSD, see LOCAL_PEERCRED in: + * https://www.freebsd.org/cgi/man.cgi?query=unix&sektion=4 + */ +static int +get_peercred (int s, int *pid, int *uid, int *gid) +{ + nbdkit_error ("nbdkit_peer_pid, nbdkit_peer_uid and nbdkit_peer_gid " + "are not supported on this platform"); + retu...

These two commits add new APIs and enhance nbdkit-ip-filter to allow filtering of Unix domain sockets by the client's PID, UID or GID. eg: nbdkit -U sock --filter=ip ... allow=uid:`id -u` deny=all Rich.

This is just a simple update to: https://www.redhat.com/archives/libguestfs/2020-October/msg00015.html rebased on top of current nbdkit master because I pushed a few simple refactorings. Rich.

(Second try to send this. I wonder if the first one gotten eaten by a spam filter; I'll link to patches instead of attaching them.) Here are the tincctl patches I've been working on. They apply to http://www.tinc-vpn.org/svn/tinc/branches/1.1@1545. I intend to commit them once the crypto stuff's fixed. Since they're basically done, I'm emailing them now for review and in case