Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2

From: Olaf Dietsche (olaf.dietsche--list.linux-security-moduleat_private)
Date: Sun Sep 29 2002 - 07:49:12 PDT

  • Next message: Serge E. Hallyn: "graft_tree/attach_mnt rfc"

    James Morris <jmorrisat_private> writes:
    
    > On Fri, 27 Sep 2002, Greg KH wrote:
    >
    >> As for the ip_prot_sock hook in general, does it look ok to the other
    >> developers?
    >> 
    >
    > This hook is not necessary: any related access control decision can be
    > made via the more generic and flexible socket_bind() hook (like SELinux).
    
    AFAICS, it looks like you can make _additional_ checks only. You still
    have to grant CAP_NET_BIND_SERVICE for binding to ports below PROT_SOCK.
    So, this doesn't look like a viable solution for me.
    
    Anyway, thanks for this pointer, I'll look into socket_bind().
    
    Regards, Olaf.
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sun Sep 29 2002 - 07:50:18 PDT