on 3-7-2008 1:48 PM S Roderick spake the following:
I was hoping that either via kernel capabilities or SE Linux that we could avoid this. Both seem to offer exactly the feature we want, opening raw sockets from unprivileged accounts. But it's really unclear from all the docs online how these two interact. Best we could do was try all the examples and approaches we could find - none worked.

I guess I can try trolling the kernel source ... ugh! ... to see if your recollection is correct. I certainly hope there is another option ...

Thanks
S
I am fairly sure of the same thing. Only root has access to raw sockets. To quote the kernel hackers guide, "To use RAW sockets in Unix it is mandatory that one be a root." I can't see something like SELinux allowing something like this, as it is a security no-no. 2.4 I believe had an ACL patch that did something in this general area, but I don't remember how or what.
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos