I've written (but not tested) an updated patch, for 2.6.7.
I probably won't start really working on anything like this for at least another 2 years or so (when I graduate from undergrad Engineering), so if you're interested in something like this, don't wait for me! :-)
Posting the entire message context, due to the long delay:
On Sun, Feb 01, 2004 at 09:59:04PM -0500, Ed L Cashin wrote:
> "Dwayne C. Litzenberger" <dlitz@dlitz.net> writes:
> > Hi!
> > I've created a patch to 2.6.1 (i386 only, for now) which implements Dan Bernstein's disablenetwork() syscall, which allows any process to abandon its ability (and the ability of any subsequently forked or exec'd processes) to use bind(), connect(), sendto() and socket().
> > The patch is available at http://www.dlitz.net/software/patches/disablenetwork/ , and I'd really appreciate any feedback (this is my first real kernel modification).
> I'm interested in this work.
> An initial observation: It looks like you could clean up your patch a bit by just doing "return -EACCESS;" instead of introducing a do-nothing goto and label.
-- Dwayne C. Litzenberger <dlitz@dlitz.net>
This message contains an OpenPGP/MIME signature, which can be used to verify its authenticity. If the message itself appears as an attachment, you are probably using a broken mail program, such as Microsoft Outlook Express.