Re: [ANNOUNCE][PATCH] New fs to control access to system resources

From: Ben Clifford (benc@hawaga.org.uk)
Date: Tue Jan 15 2002 - 17:13:36 EST


Olaf,

After applying your patch to 2.5.2, my named wouldn't start up (it
couldn't bind to port 921).

The below patch seems to have fixed that, and I think is probably the
right thing to do.

Index: net/ipv4/af_inet.c
===================================================================
RCS file: /mnt/white/cvsroot/linux/net/ipv4/af_inet.c,v
retrieving revision 1.2
diff -u -r1.2 af_inet.c
--- net/ipv4/af_inet.c 2002/01/15 21:20:02 1.2
+++ net/ipv4/af_inet.c 2002/01/15 22:04:00
@@ -511,7 +511,7 @@

         snum = ntohs(addr->sin_port);
 #ifdef CONFIG_ACCESS_FS
- if (snum && snum < PROT_SOCK && !accessfs_permitted(&bind_to_port[snum], MAY_EXEC))
+ if (snum && snum < PROT_SOCK && !accessfs_permitted(&bind_to_port[snum], MAY_EXEC) && !capable(CAP_NET_BIND_SERVICE))
 #else
         if (snum && snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
 #endif

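Review bot: in the CONFIG_ACCESS_FS branch, the new test only refuses the bind when accessfs_permitted() fails and the task also lacks CAP_NET_BIND_SERVICE, so a task holding that capability can bind any port below PROT_SOCK whatever the accessfs entry for bind_to_port[snum] says. That makes accessfs purely additive: it can grant a low port to an unprivileged task but can never withhold one from a capable task. If that is the intended policy, state it in a comment above the condition so it is not later mistaken for an oversight; if accessfs is meant to be authoritative when configured, the capability fallback needs to be narrower than a blanket `&& !capable(CAP_NET_BIND_SERVICE)`. Style point on the same line: it now runs well past 80 columns and should be wrapped after one of the `&&` operators.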