Merge pull request #2130 from nybidari:iptables

PiperOrigin-RevId: 303208407
author: gVisor bot <gvisor-bot@google.com> 2020-03-26 15:47:00 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-03-26 15:47:00 -0700
commit: 0e62a548eb093c95e41780c753afa87f4ccc5c8f (patch)
tree: 66d1799ca488742ccee8961de2965f0ffd850467 /pkg/sentry/socket/netstack
parent: fbe80460a7eb34147b928fa1023b28a3c094c070 (diff)
parent: 92b9069b67b927cef25a1490ebd142ad6d65690d (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/pkg/sentry/socket/netstack/provider.go b/pkg/sentry/socket/netstack/provider.go
index 5f181f017..eb090e79b 100644
--- a/pkg/sentry/socket/netstack/provider.go
+++ b/pkg/sentry/socket/netstack/provider.go
@@ -126,6 +126,12 @@ func (p *provider) Socket(t *kernel.Task, stype linux.SockType, protocol int) (*
 		ep, e = eps.Stack.NewRawEndpoint(transProto, p.netProto, wq, associated)
 	} else {
 		ep, e = eps.Stack.NewEndpoint(transProto, p.netProto, wq)
+
+		// Assign task to PacketOwner interface to get the UID and GID for
+		// iptables owner matching.
+		if e == nil {
+			ep.SetOwner(t)
+		}
 	}
 	if e != nil {
 		return nil, syserr.TranslateNetstackError(e)
author	gVisor bot <gvisor-bot@google.com>	2020-03-26 15:47:00 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-03-26 15:47:00 -0700
commit	0e62a548eb093c95e41780c753afa87f4ccc5c8f (patch)
tree	66d1799ca488742ccee8961de2965f0ffd850467 /pkg/sentry/socket/netstack
parent	fbe80460a7eb34147b928fa1023b28a3c094c070 (diff)
parent	92b9069b67b927cef25a1490ebd142ad6d65690d (diff)