Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2

Previous message: Olaf Dietsche: "Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2"
In reply to: Greg KH: "Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2"
Next in thread: Olaf Dietsche: "Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2"
Reply: Olaf Dietsche: "Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2"
Reply: Chris Wright: "Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

jmorrisat_private

On Fri, 27 Sep 2002, Greg KH wrote:

> On Fri, Sep 27, 2002 at 08:55:52PM +0200, Olaf Dietsche wrote:
> >  
> > +static int cap_ip_prot_sock (int port)
> > +{
> > +	if (port && port < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
> > +		return -EACCES;
> > +
> > +	return 0;
> > +}
> > +
> 
> Do we really want to force all of the security modules to implement this
> logic (yes, it's the same discussion again...)
> 
> As for the ip_prot_sock hook in general, does it look ok to the other
> developers?
> 

This hook is not necessary: any related access control decision can be
made via the more generic and flexible socket_bind() hook (like SELinux).

- James
-- 
James Morris
<jmorrisat_private>

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module