The above poster was of course deeply stupid, and could have done with
more sleep :)
It's in net/ipv4/af_inet.c
I was looking for some way of letting users own devices, so they
can do some subset of the operations reserved for root on their device.
Further reading led to "route by owner" in netfilter, but it's not quite
it.
This would let me do something like:
ifconfig eth0:www 1.2.3.4
route add default 1.2.3.4 -user www
But would still not let www bind low ports on eth0:www.
There seem to be a few ways to do this.
Teach capable() about owned routes.
Make interfaces/aliases directly ownable, add CAP_NET_BIND_ANY
so you can only bind to an interface you own, or if you have
CAP_NET_BIND_ANY.
You need CAP_NET_BIND_ANY to chown an interface.
The second way seems cleaner to me.
Any comments?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/