Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262617AbVCJO0a (ORCPT ); Thu, 10 Mar 2005 09:26:30 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262631AbVCJO0a (ORCPT ); Thu, 10 Mar 2005 09:26:30 -0500 Received: from pentafluge.infradead.org ([213.146.154.40]:49306 "EHLO pentafluge.infradead.org") by vger.kernel.org with ESMTP id S262617AbVCJO02 (ORCPT ); Thu, 10 Mar 2005 09:26:28 -0500 Subject: Re: [patch 1/1] /proc/$$/ipaddr and per-task networking bits From: Arjan van de Ven To: Lorenzo =?ISO-8859-1?Q?Hern=E1ndez_?= =?ISO-8859-1?Q?Garc=EDa-Hierro?= Cc: "linux-kernel@vger.kernel.org" In-Reply-To: <1110464202.9190.7.camel@localhost.localdomain> References: <1110464202.9190.7.camel@localhost.localdomain> Content-Type: text/plain; charset=UTF-8 Date: Thu, 10 Mar 2005 15:26:21 +0100 Message-Id: <1110464782.6291.95.camel@laptopd505.fenrus.org> Mime-Version: 1.0 X-Mailer: Evolution 2.0.2 (2.0.2-3) Content-Transfer-Encoding: 8bit X-Spam-Score: 4.1 (++++) X-Spam-Report: SpamAssassin version 2.63 on pentafluge.infradead.org summary: Content analysis details: (4.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 RCVD_NUMERIC_HELO Received: contains a numeric HELO 1.1 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [] 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address [80.57.133.107 listed in dnsbl.sorbs.net] 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS [80.57.133.107 listed in dnsbl.sorbs.net] X-SRS-Rewrite: SMTP reverse-path rewritten from by pentafluge.infradead.org See http://www.infradead.org/rpr.html Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1133 Lines: 25 On Thu, 2005-03-10 at 15:16 +0100, Lorenzo Hernández García-Hierro wrote: > Ported feature from grSecurity that makes possible to add an ipaddr > entry in each /proc/ (/proc//ipaddr), where the task originating > IP address is stored, and subsequently made available (readable) by the process > itself and also the root user with CAP_DAC_OVERRIDE capability (that can be managed > by specific security models implementations like SELinux). > Available also at http://pearls.tuxedo-es.org/patches/task-curr_ip.patch a few questions 1) Why is this a config option; if it's useful it should just be always on really 2) Can you explain briefly what this is useful for? 3) How does this work for existing stuff if, say, your dhcp lease changes and your machine no longer owns a certain IP, what will happen to the tasks? 4) if a machine has multiple IPs.. which one is chosen ? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/