Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759343AbZAHMKx (ORCPT ); Thu, 8 Jan 2009 07:10:53 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754512AbZAHMKl (ORCPT ); Thu, 8 Jan 2009 07:10:41 -0500 Received: from rhun.apana.org.au ([64.62.148.172]:51089 "EHLO arnor.apana.org.au" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753026AbZAHMKj (ORCPT ); Thu, 8 Jan 2009 07:10:39 -0500 Date: Thu, 8 Jan 2009 23:10:27 +1100 From: Herbert Xu To: alan@lxorguk.ukuu.org.uk Cc: michael@laptop.org, andi@firstfloor.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: Re: RFC: Network privilege separation. Message-ID: <20090108121027.GA3226@gondor.apana.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 883 Lines: 21 Alan Cox wrote: > > That to me says controlling network access is only useful as part of a > more fine grained and general purpose interface. We already have that > interface in the form of things like SELinux. We already have systems > actively using it to control stuff like which ports are accessed by some > services. Exactly. If people want this they should go the SELinux/LSM route. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/