
List:       lids-user
Subject:    Re: [lids-user] Re: Any suggestion about the new LIDS 2.2.0pre1 for 2.6.3?
From:       Huagang Xie <xie () www ! lids ! org>
Date:       2004-03-28 22:30:34
Message-ID: 20040329100744.GA23898 () lids ! org

Thanks, I accept the suggestions and I am going to add two things

1. LIDS ACL support for xattr-unsupported filesystems.
	- if the filesystem uses xattr, it will use xattr; otherwise,
	  it will use the old way and store them in lids.conf.

2. bind port support.
	- will add it back. :-)

Thanks again,
Huagang

On Sun, Mar 28, 2004 at 01:39:00PM -0500, Matt Benjamin wrote:
> I'm probably misunderstanding again--was the port-specific binding 
> removed because of incompatibility with LSM--or was it done as a 
> simplification?
> 
> The alternative you suggest is another way to restrict access to bind 
> ports, but it is not equivalent and, worse, relying on it defines yet 
> another class of programs whose operation may be incompatible with 
> LIDS--i.e., those that need to bind a well-known port after startup.
> 
> It's not that there are likely to be many of those, it's more a 
> problem at a higher strategic level:  in order to be useful, LIDS has to 
> fit into the ecology of existing Linux software.  It's not really 
> acceptable to say, except in the most extreme cases, "well, programs 
> just shouldn't be doing that."
> 
> Matt
> 
> Huagang Xie wrote:
> 
> >One way to do that is to let the program start up with
> >CAP_NET_BIND_SERVICE, then remove its capability after it starts up.
> >Using multiple STATE ACLs should be able to do that.
> >
> >Thanks,
> >Huagang
> > 
> >
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> lids-user mailing list
> lids-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lids-user
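
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not LIDS code: it uses the stock Linux capget(2)/capset(2) interface as a stand-in for a LIDS STATE ACL change, dropping CAP_NET_BIND_SERVICE after startup and then attempting the late bind Matt describes. The function names and port 80 are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* 1 if CAP_NET_BIND_SERVICE is in the effective set, 0 if not, -1 on error. */
int has_net_bind(void) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    return (d[0].effective >> CAP_NET_BIND_SERVICE) & 1;
}

/* Clear the capability from all three sets; this process cannot regain it. */
int drop_net_bind(void) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    __u32 bit = 1u << CAP_NET_BIND_SERVICE;
    d[0].effective &= ~bit;
    d[0].permitted &= ~bit;
    d[0].inheritable &= ~bit;
    return (int)syscall(SYS_capset, &h, d);
}

/* Bind a TCP socket on 127.0.0.1:port; returns 0 or the errno from bind(). */
int try_bind(unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    int rc = bind(fd, (struct sockaddr *)&a, sizeof a) ? errno : 0;
    close(fd);
    return rc;
}

int main(void) {
    /* Port 80 is a constructed sample of a well-known port. */
    printf("startup:    cap=%d bind(80) errno=%d\n", has_net_bind(), try_bind(80));
    if (drop_net_bind() != 0) { perror("capset"); return 1; }
    printf("after drop: cap=%d bind(80) errno=%d\n", has_net_bind(), try_bind(80));
    return 0;
}
```

Run as root on a kernel with default settings, the first bind succeeds and the second fails with EACCES, which is the case of a program that needs a well-known port after startup.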
