> On Fri, Sep 27, 2002 at 08:55:52PM +0200, Olaf Dietsche wrote:
> >
> > +static int cap_ip_prot_sock (int port)
> > +{
> > + if (port && port < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
> > + return -EACCES;
> > +
> > + return 0;
> > +}
> > +
>
> Do we really want to force all of the security modules to implement this
> logic (yes, it's the same discussion again...)
>
> As for the ip_prot_sock hook in general, does it look ok to the other
> developers?
>
This hook is not necessary: any related access control decision can be
made via the more generic and flexible socket_bind() hook (like SELinux).
- James
-- James Morris <jmorris@intercode.com.au>
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/