Re: [ANNOUNCE] UidBind LSM 0.1

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Roberto De Ioris <roberto@unbit.it>
To: casey@schaufler-ca.com
Cc: linux-kernel@vger.kernel.org
Subject: Re: [ANNOUNCE] UidBind LSM 0.1
Date: Tue, 24 Apr 2007 16:01:35 +0200	[thread overview]
Message-ID: <1177423295.6547.11.camel@hagrid> (raw)
In-Reply-To: <316971.67258.qm@web36607.mail.mud.yahoo.com>

[-- Attachment #1: Type: text/plain, Size: 1242 bytes --]

Il giorno mar, 24/04/2007 alle 06.51 -0700, Casey Schaufler ha scritto:
> --- Roberto De Ioris <roberto@unbit.it> wrote:
> 
> > Hi all,
> > this is a very simple module that allows bind() to tcp/udp port (>=1024)
> > only for the uids defined in a configfs tree.
> 
> Would you be so kind as to cross post to linux-security-module?
> Methinks that you might get additional valuable feedback there.


Surely, in the next hour i will release a new version with tcp/udp
support and the possibility to specify ipv4 addresses.
I will post in linux-security-module too

> 
> > It is a first version, it only works for PF_INET sockets and makes no
> > difference between tcp and udp (i am working on this)
> > 
> > For (little) more info see 
> > 
> > http://projects.unbit.it/uidbind/
> > 
> > Patch attached is for vanilla 2.6.20.7
> 
> It would be correct to return -EACCES rather than -EPERM in the
> access denial case. EACCES indicates that an access control decision
> failed, while EPERM indicates that use of a privileged operation
> was attempted while not possessing appropriate privilege.

Done, thanks :)


-- 
Roberto De Ioris
http://unbit.it
JID: roberto@jabber.unbit.it
Wii: 2999 4476 3509 0964

[-- Attachment #2: Questa è una parte del messaggio firmata digitalmente --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

     prev parent reply	other threads:[~2007-04-24 14:01 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-04-23  8:54 [ANNOUNCE] UidBind LSM 0.1 Roberto De Ioris
2007-04-23 18:38 ` Gerhard Mack
2007-04-23 21:04   ` Roberto De Ioris
2007-04-24 13:51 ` Casey Schaufler
2007-04-24 14:01   ` Roberto De Ioris [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1177423295.6547.11.camel@hagrid \
    --to=roberto@unbit.it \
    --cc=casey@schaufler-ca.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.