SH> Sorry, I think we've discussed this before but can't recall - does
SH> setting sport here allow an unpriv user to bypass
SH> CAP_NET_BIND_SERVICE?

Yes, it does. I was kinda considering that part of the input sanity
checking that I officially punted on. However, as far as I know,
we'll just need to check that capability before we bind() in the
listen/closed case and hash in the connected case.

--
Dan Smith
IBM Linux Technology Center
email: danms@xxxxxxxxxx
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers