On 6 Nov 2003, Yuan ChunYang wrote:

> hi, in selinux, there is "name_bind" permission check in
> selinux_socket_bind permission. It's said that "If PF_INET, check
> name_bind permission for the port".
> Can somebody tell me what's name_bind permission and difference with
> "bind" permission?
> thanx!

The bind permission is used to control whether a socket is allowed to have bind(3) called on it.

The name_bind permission is a further check between a socket and the port it is being bound to, if the port is outside the local port range (determined by the sysctl net.ipv4.ip_local_port_range) and/or is a protected port.

See http://www.nsa.gov/selinux/doc/module/x2042.html, and policy examples.

- James
--
James Morris <jmorris@private>
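The distinction described in the reply above, as an added example that is not part of the original message and not SELinux's own code: a simplified Python model of which permission checks a TCP bind() triggers and how a policy decides them. The type names, port labelling, policy set and the 32768-61000 local range are constructed sample values; the 1024 protected-port boundary and the `port_t` default label are assumptions.

```python
# Simplified model of the two checks: "bind" (socket against its own label)
# and "name_bind" (socket against the label of the port being bound).
PROT_SOCK = 1024  # assumption: ports below this are the protected ports

# Constructed sample labelling and policy, for illustration only.
PORT_TYPES = {80: "http_port_t", 22: "ssh_port_t"}
POLICY = {
    ("httpd_t", "httpd_t", "tcp_socket", "bind"),
    ("httpd_t", "http_port_t", "tcp_socket", "name_bind"),
}

def bind_checks(sock_type, port, port_types, local_range=(32768, 61000)):
    """Return the (source, target, class, permission) checks for a TCP bind().

    sock_type   -- SELinux type of the socket (taken from the owning process)
    port_types  -- port number -> port type labelling
    local_range -- value of net.ipv4.ip_local_port_range (sample value)
    """
    # Always checked: may bind() be called on this socket at all?
    checks = [(sock_type, sock_type, "tcp_socket", "bind")]
    low, high = local_range
    protected = 0 < port < PROT_SOCK
    # Port 0 means "let the kernel pick", which stays inside the local range.
    outside_local = port != 0 and (port < low or port > high)
    if protected or outside_local:
        # Assumption: ports with no specific label fall back to port_t.
        target = port_types.get(port, "port_t")
        checks.append((sock_type, target, "tcp_socket", "name_bind"))
    return checks

def allowed(checks, policy):
    """A bind() succeeds only if every required check is granted by policy."""
    return all(check in policy for check in checks)

if __name__ == "__main__":
    for port in (80, 22, 8080, 40000, 0):
        checks = bind_checks("httpd_t", port, PORT_TYPES)
        verdict = "allowed" if allowed(checks, POLICY) else "denied"
        print(port, [c[3] + " on " + c[1] for c in checks], verdict)
```

With this sample policy, httpd_t can bind port 80 and ephemeral ports, but is denied ports 22 and 8080 because it holds `bind` without `name_bind` on those port types.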