Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 29 Sep 2002 08:51:29 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 29 Sep 2002 08:51:28 -0400 Received: from blackbird.intercode.com.au ([203.32.101.10]:33298 "EHLO blackbird.intercode.com.au") by vger.kernel.org with ESMTP id ; Sun, 29 Sep 2002 08:51:28 -0400 Date: Sun, 29 Sep 2002 22:56:33 +1000 (EST) From: James Morris To: Greg KH cc: Olaf Dietsche , , Subject: Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2 In-Reply-To: <20020927214642.GS12909@kroah.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 952 Lines: 35 On Fri, 27 Sep 2002, Greg KH wrote: > On Fri, Sep 27, 2002 at 08:55:52PM +0200, Olaf Dietsche wrote: > > > > +static int cap_ip_prot_sock (int port) > > +{ > > + if (port && port < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE)) > > + return -EACCES; > > + > > + return 0; > > +} > > + > > Do we really want to force all of the security modules to implement this > logic (yes, it's the same discussion again...) > > As for the ip_prot_sock hook in general, does it look ok to the other > developers? > This hook is not necessary: any related access control decision can be made via the more generic and flexible socket_bind() hook (like SELinux). - James -- James Morris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/