Hi Philip, On Sat, 14 Nov 2015, Philip Whineray wrote: > Since it's in danger of getting quite complicate, would one or more of > the following be acceptable? > > - Choose permission in a module parameter > > - Allow setting with sysctl e.g. net.netfilter.conf.xtable_proc_perms > > - Match permissions of /proc/modules (grsec restricts these so we will > gain the same policy). In my opinion either one is good and I'd pick the sysctl setting. That way the permissions could be changed without reloading the module and independently of the permissions of /proc/modules. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
