James Morris <jmorrisat_private> writes: > On Fri, 27 Sep 2002, Greg KH wrote: > >> As for the ip_prot_sock hook in general, does it look ok to the other >> developers? >> > > This hook is not necessary: any related access control decision can be > made via the more generic and flexible socket_bind() hook (like SELinux). AFAICS, it looks like you can make _additional_ checks only. You still have to grant CAP_NET_BIND_SERVICE for binding to ports below PROT_SOCK. So, this doesn't look like a viable solution for me. Anyway, thanks for this pointer, I'll look into socket_bind(). Regards, Olaf. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun Sep 29 2002 - 07:50:18 PDT