On Tue, 1 Oct 2002, Olaf Dietsche wrote:

> Well, we'll never know until we try :-). Besides that, sys_bind() and
> inet_bind() are on an entirely different level.

Sorry, but I'm not in favour of this hook.

Firstly, as far as I can tell, what you're trying to do in accessfs is provide fine grained control over access to ports with otherwise normal Unix user/group/other file permissions, and the purpose of the hook is to determine the range of ports which are protected by this scheme. This is unnecessarily overloading the existing kernel logic relating to reserved ports as part of a quite different access control model.

Secondly, what accessfs (and this hook) is trying to do is essentially authoritative+permissive, a model not explicitly supported by LSM at this point.

Please don't get me wrong: I think the general idea of accessfs is pretty cool, but it seems to be out of scope for LSM as a restrictive framework.

- James
--
James Morris
<jmorrisat_private>

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 04:42:53 PDT