Re: disablenetwork() syscall

"Dwayne C. Litzenberger" <dlitz@dlitz.net> writes:

> Hi!
>
> I've created a patch to 2.6.1 (i386 only, for now) which implements
> Dan Bernstein's disablenetwork() syscall, which allows any process to
> abandon its ability (and the ability of any subsequently forked or
> exec'd processes) to use bind(), connect(), sendto() and socket().
>
> The patch is available at
> http://www.dlitz.net/software/patches/disablenetwork/ , and I'd really
> appreciate any feedback (this is my first real kernel modification).

I'm interested in this work.  

An initial observation: It looks like you could clean up your patch a
bit by just doing "return -EACCESS;" instead of introducing a
do-nothing goto and label.

-- 
--Ed L Cashin            |   PGP public key:
  ecashin@uga.edu        |   http://noserose.net/e/pgp/


--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/

