iptables: support gid match for owner matching.

- Added support for matching gid owner and invert flag for uid and gid. $ iptables -A OUTPUT -p tcp -m owner --gid-owner root -j ACCEPT $ iptables -A OUTPUT -p tcp -m owner ! --uid-owner root -j ACCEPT $ iptables -A OUTPUT -p tcp -m owner ! --gid-owner root -j DROP - Added tests for uid, gid and invert flags.
author: Nayana Bidari <nybidari@google.com> 2020-05-12 12:14:56 -0700
committer: Nayana Bidari <nybidari@google.com> 2020-05-12 12:20:47 -0700
commit: 27b1f19cabe04effbb37fa6a680b65987b379313 (patch)
tree: 057b99f838d1588cb8b5944c49cdef3f6522510e /test/iptables/iptables_test.go
parent: 06ded1c4372d4871f0581c7090957935d93cd50e (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/test/iptables/iptables_test.go b/test/iptables/iptables_test.go
index 84eb75a40..4fd2cb46a 100644
--- a/test/iptables/iptables_test.go
+++ b/test/iptables/iptables_test.go
@@ -167,6 +167,26 @@ func TestFilterOutputOwnerFail(t *testing.T) {
 	singleTest(t, FilterOutputOwnerFail{})
 }
 
+func TestFilterOutputAcceptGIDOwner(t *testing.T) {
+	singleTest(t, FilterOutputAcceptGIDOwner{})
+}
+
+func TestFilterOutputDropGIDOwner(t *testing.T) {
+	singleTest(t, FilterOutputDropGIDOwner{})
+}
+
+func TestFilterOutputInvertGIDOwner(t *testing.T) {
+	singleTest(t, FilterOutputInvertGIDOwner{})
+}
+
+func TestFilterOutputInvertUIDOwner(t *testing.T) {
+	singleTest(t, FilterOutputInvertUIDOwner{})
+}
+
+func TestFilterOutputInvertUIDAndGIDOwner(t *testing.T) {
+	singleTest(t, FilterOutputInvertUIDAndGIDOwner{})
+}
+
 func TestFilterOutputInterfaceAccept(t *testing.T) {
 	singleTest(t, FilterOutputInterfaceAccept{})
 }
author	Nayana Bidari <nybidari@google.com>	2020-05-12 12:14:56 -0700
committer	Nayana Bidari <nybidari@google.com>	2020-05-12 12:20:47 -0700
commit	27b1f19cabe04effbb37fa6a680b65987b379313 (patch)
tree	057b99f838d1588cb8b5944c49cdef3f6522510e /test/iptables/iptables_test.go
parent	06ded1c4372d4871f0581c7090957935d93cd50e (diff)