Re: [ANNOUNCE][PATCH] New fs to control access to system resources

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Bill Nottingham: "Re: [BUG] cs46xx: sound distortion after hours of use"
• Previous message: Patrick Mochel: "Re: Why not "attach" patches?"

After applying your patch to 2.5.2, my named wouldn't start up (it
couldn't bind to port 921)

The below patch seems to have fixed that, and I think is probably the
right thing to do.

Index: net/ipv4/af_inet.c
===================================================================
RCS file: /mnt/white/cvsroot/linux/net/ipv4/af_inet.c,v
retrieving revision 1.2
diff -u -r1.2 af_inet.c
--- net/ipv4/af_inet.c 2002/01/15 21:20:02 1.2
+++ net/ipv4/af_inet.c 2002/01/15 22:04:00
@@ -511,7 +511,7 @@

snum = ntohs(addr->sin_port);
#ifdef CONFIG_ACCESS_FS
- if (snum && snum < PROT_SOCK && !accessfs_permitted(&bind_to_port[snum], MAY_EXEC))
+ if (snum && snum < PROT_SOCK && !accessfs_permitted(&bind_to_port[snum], MAY_EXEC) && !capable(CAP_NET_BIND_SERVICE))
#else
if (snum && snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
#endif

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Bill Nottingham: "Re: [BUG] cs46xx: sound distortion after hours of use"
• Previous message: Patrick Mochel: "Re: Why not "attach" patches?"