Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 29 Sep 2002 10:44:19 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 29 Sep 2002 10:44:19 -0400 Received: from mailout03.sul.t-online.com ([194.25.134.81]:51118 "EHLO mailout03.sul.t-online.com") by vger.kernel.org with ESMTP id ; Sun, 29 Sep 2002 10:44:18 -0400 To: James Morris Cc: Greg KH , , Subject: Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2 References: From: Olaf Dietsche Date: Sun, 29 Sep 2002 16:49:12 +0200 Message-ID: <87it0o4zrr.fsf@goat.bogus.local> User-Agent: Gnus/5.090005 (Oort Gnus v0.05) XEmacs/21.4 (Honest Recruiter, i386-debian-linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 854 Lines: 18 James Morris writes: > On Fri, 27 Sep 2002, Greg KH wrote: > >> As for the ip_prot_sock hook in general, does it look ok to the other >> developers? >> > > This hook is not necessary: any related access control decision can be > made via the more generic and flexible socket_bind() hook (like SELinux). AFAICS, it looks like you can make _additional_ checks only. You still have to grant CAP_NET_BIND_SERVICE for binding to ports below PROT_SOCK. So, this doesn't look like a viable solution for me. Anyway, thanks for this pointer, I'll look into socket_bind(). Regards, Olaf. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/