Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2

From: Olaf Dietsche (olaf.dietsche--list.linux-security-module@exmail.de)
Date: Sun Sep 29 2002 - 09:49:12 EST


James Morris <jmorris@intercode.com.au> writes:

> On Fri, 27 Sep 2002, Greg KH wrote:
>
>> As for the ip_prot_sock hook in general, does it look ok to the other
>> developers?
>>
>
> This hook is not necessary: any related access control decision can be
> made via the more generic and flexible socket_bind() hook (like SELinux).

AFAICS, it looks like you can make _additional_ checks only. You still
have to grant CAP_NET_BIND_SERVICE for binding to ports below PROT_SOCK.
So, this doesn't look like a viable solution for me.

Anyway, thanks for this pointer, I'll look into socket_bind().

Regards, Olaf.



This archive was generated by hypermail 2b29 : Mon Sep 30 2002 - 22:00:40 EST