Quoting Paul Menage (menage@xxxxxxxxxx):
> On 9/10/07, Serge E. Hallyn <serue@xxxxxxxxxx> wrote:
> >
> > The only downside I see right now is what to do about a sendto() on a
> > udp socket that hasn't been bound.
>
> Maybe have additional chains in the new iptable called "sendto" and
> "recvfrom" that are invoked for those operations on unbound datagram
> sockets?

Yup.

Perhaps the biggest upside of this approach is that it's providing
network functionality in a way that should be much more familiar to
network folks. As opposed to using an lsm with a new vfs interface.

Is anyone working on this implementation, for comparison to the lsm
patch?

-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers