List: lids-user
Subject: Re: [lids-user] Re: Any suggestion about the new LIDS 2.2.0pre1 for 2.6.3?
From: Huagang Xie <xie () www ! lids ! org>
Date: 2004-03-28 22:30:34
Message-ID: 20040329100744.GA23898 () lids ! org
Thanks, I accept the suggestions and I am going to add two things:
1. LIDS ACL support for xattr-unsupported filesystems.
- if the filesystem uses xattr, it will use xattr; otherwise,
it will use the old way and store them in lids.conf.
2. bind port support.
- will add it back. :-)
Thanks again,
Huagang
On Sun, Mar 28, 2004 at 01:39:00PM -0500, Matt Benjamin wrote:
> I'm probably misunderstanding again--was the port-specific binding
> removed because of incompatibility with LSM--or was it done as a
> simplification?
>
> The alternative you suggest is another way to restrict access to bind
> ports, but it is not equivalent and, worse, relying on it defines yet
> another class of programs whose operation may be incompatible with
> LIDS--ie, those that need to bind a well-known port after startup.
>
> It's not that there are likely to be many of those, it's more a
> problem at a higher strategic level: in order to be useful, LIDS has to
> fit into the ecology of existing Linux software. It's not really
> acceptable to say, except in the most extreme cases, "well, programs
> just shouldn't be doing that."
>
> Matt
>
> Huagang Xie wrote:
>
> >One way to do that is to let the program start up with
> >CAP_NET_BIND_SERVICE, then remove its capability after it starts up.
> >Using multiple STATE ACLs should be able to do that.
> >
> >Thanks,
> >Huagang
> >
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> lids-user mailing list
> lids-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lids-user