Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2

From: James Morris (jmorrisat_private)
Date: Sun Sep 29 2002 - 05:56:33 PDT

  • Next message: James Morris: "Re: [RFC] No more module_* hooks"

    On Fri, 27 Sep 2002, Greg KH wrote:
    
    > On Fri, Sep 27, 2002 at 08:55:52PM +0200, Olaf Dietsche wrote:
    > >  
    > > +static int cap_ip_prot_sock (int port)
    > > +{
    > > +	if (port && port < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
    > > +		return -EACCES;
    > > +
    > > +	return 0;
    > > +}
    > > +
    > 
    > Do we really want to force all of the security modules to implement this
    > logic (yes, it's the same discussion again...)
    > 
    > As for the ip_prot_sock hook in general, does it look ok to the other
    > developers?
    > 
    
    This hook is not necessary: any related access control decision can be
    made via the more generic and flexible socket_bind() hook (like SELinux).
    
    
    - James
    -- 
    James Morris
    <jmorrisat_private>
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sun Sep 29 2002 - 05:59:11 PDT