I've created a patch to 2.6.1 (i386 only, for now) which implements Dan Bernstein's disablenetwork() syscall, which allows any process to abandon its ability (and the ability of any subsequently forked or exec'd processes) to use bind(), connect(), sendto() and socket().
The patch is available at http://www.dlitz.net/software/patches/disablenetwork/ , and I'd really appreciate any feedback (this is my first real kernel modification).
Thanks,
-- Dwayne C. Litzenberger <dlitz@dlitz.net>
This message contains an OpenPGP/MIME signature, which can be used to verify its authenticity. If the message itself appears as an attachment, you are probably using a broken mail program, such as Microsoft Outlook Express.