Re: Unable open raw socket in CentOS 5 - SE Linux andkernelcapability interaction?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


I was hoping that either via kernel capabilities or SE Linux that we  
could avoid this. Both seem to offer exactly the feature we want,  
opening raw sockets from unprivileged accounts. But it's really  
unclear from all the doc's online how these two interact. Best we  
could do was try all the examples and approaches we could find - none  
worked.

I guess I can try trolling the kernel source ... ugh! ... to see if  
your recollection is correct. I certainly hope there is another  
option ...

Thanks
S

I think Ross is right. At my last contract with IBM some years back, we
were doing some raw socket stuff. ISTR that we had no problems because
we were real root applications. IIRC, docs specified root privileges.

I completely agree with the fact that raw sockets require root privilege, that is the situation we're currently in and don't want to continue with. But am I then completely misunderstanding when I think that SE Linux can allow non-root access to certain "normally root only" capabilities, on a per process basis? Certainly all the ping-related SE Linux examples online all show precisely this: provide access to raw sockets for a non-root process. 

S
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux