On Fri, 27 Sep 2002, Greg KH wrote:

> On Fri, Sep 27, 2002 at 08:55:52PM +0200, Olaf Dietsche wrote:
> >
> > +static int cap_ip_prot_sock (int port)
> > +{
> > + if (port && port < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
> > + return -EACCES;
> > +
> > + return 0;
> > +}
> > +
>
> Do we really want to force all of the security modules to implement this
> logic (yes, it's the same discussion again...)
>
> As for the ip_prot_sock hook in general, does it look ok to the other
> developers?
>

This hook is not necessary: any related access control decision can be made via the more generic and flexible socket_bind() hook (like SELinux).

- James
--
James Morris
<jmorrisat_private>

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
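Review bot: cap_ip_prot_sock() takes the port as a signed int and has no comment stating what the caller must pass, so the test "port && port < PROT_SOCK" relies on an undocumented contract. A negative value is non-zero and below PROT_SOCK, so it is treated as a privileged port (which fails closed), and a port still in network byte order would be compared against the wrong range. Suggest declaring the parameter as unsigned short and adding a short comment that it is the host-order port number and that 0 is exempt because it asks the kernel to pick the port. As a style point, drop the space in "cap_ip_prot_sock (int port)" to match kernel coding style.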
This archive was generated by hypermail 2b30 : Sun Sep 29 2002 - 05:59:11 PDT