On Thu, 11 Mar 2004, Daniel J Walsh wrote: > Aleksey Nogin wrote: > Is nsupdate a program to be run by an ordinary user? > If yes we need to define a security context for nsupdate to allow it to > access the netlink_sockets. > > If we allow users access that any rogue app the user runs could access > the network devices. > Btw, longer term, we will be implementing finer grained Netlink controls, so policy will be able to e.g. query the routing table but not update it. - James -- James Morris <jmorris@xxxxxxxxxx>
