Hi Stephen, On 08/25/2011 05:44 PM, Stephen Hemminger wrote: > What about using netfilter (with extensions)? We already have iptables > module to match on uid or gid. It wouldn't be hard to extend this to > other bits of meta data like originating and target containers.