[CentOS] Re: Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
Scott Silva
ssilva at sgvwater.com
Fri Mar 7 22:50:10 UTC 2008
on 3-7-2008 1:48 PM S Roderick spake the following:
> I was hoping that either via kernel capabilities or SE Linux that we
> could avoid this. Both seem to offer exactly the feature we want,
> opening raw sockets from unprivileged accounts. But it's really unclear
> from all the docs online how these two interact. Best we could do was
> try all the examples and approaches we could find - none worked.
>
> I guess I can try trolling the kernel source ... ugh! ... to see if your
> recollection is correct. I certainly hope there is another option ...
>
> Thanks
> S
I am fairly sure of the same thing. Only root has access to raw sockets.
To quote the kernel hackers guide, "To use RAW sockets in Unix it is mandatory
that one be a root." I can't see something like SELinux allowing something
like this, as it is a security no-no.
2.4 I believe had an ACL patch that did something in this general area, but I
don't remember how or what.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
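
The thread asks how kernel capabilities and SELinux each bear on opening a raw socket. The following diagnostic is an added example, not code from either poster: it reads the process's effective capability mask from /proc/self/status, tests the CAP_NET_RAW bit (bit 13 in <linux/capability.h>), attempts the socket() call, and maps the errno to a likely cause. The function names and the errno-to-cause mapping are assumptions of this example; the mapping is a heuristic, with the audit log as the authority.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* CAP_NET_RAW as numbered in <linux/capability.h> */

/* Extract the effective capability mask from /proc/<pid>/status text.
   Returns 0 on success, -1 if there is no CapEff line. */
int parse_cap_eff(const char *status, unsigned long long *mask)
{
    const char *p = strstr(status, "CapEff:");
    if (!p) return -1;
    *mask = strtoull(p + 7, NULL, 16); /* value is hex, after a tab */
    return 0;
}

int has_net_raw(unsigned long long mask)
{
    return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL);
}

/* Heuristic (assumption of this example): map the capability state and
   the errno from socket() to the most likely reason for the result. */
const char *diagnose(int has_cap, int err)
{
    if (err == 0) return "ok";
    if (err == EPERM && !has_cap) return "missing CAP_NET_RAW";
    if (err == EACCES) return "denied by security module policy, check audit log";
    if (err == EPERM) return "refused despite CAP_NET_RAW in CapEff, check audit log";
    return "other error";
}

int main(void)
{
    char buf[4096] = {0};
    unsigned long long mask = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f); }
    int cap = parse_cap_eff(buf, &mask) == 0 && has_net_raw(mask);
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int err = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    printf("CapEff=%016llx CAP_NET_RAW=%d socket: %s\n", mask, cap, diagnose(cap, err));
    return 0;
}
```

Run it as the unprivileged account in question, and compare the output with the same run as root and with any SELinux denials recorded at that moment.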