[CentOS] Re: Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?

Fri Mar 7 22:50:10 UTC 2008
Scott Silva <ssilva at sgvwater.com>

on 3-7-2008 1:48 PM S Roderick spake the following:
> I was hoping that either via kernel capabilities or SE Linux that we 
> could avoid this. Both seem to offer exactly the feature we want, 
> opening raw sockets from unprivileged accounts. But it's really unclear 
> from all the docs online how these two interact. Best we could do was 
> try all the examples and approaches we could find - none worked.
> 
> I guess I can try trolling the kernel source ... ugh! ... to see if your 
> recollection is correct. I certainly hope there is another option ...
> 
> Thanks
> S

I am fairly sure of the same thing. Only root has access to raw sockets.
To quote the kernel hackers guide, "To use RAW sockets in Unix it is mandatory 
that one be a root." I can't see something like SELinux allowing something 
like this, as it is a security no-no.
2.4 I believe had an ACL patch that did something in this general area, but I 
don't remember how or what.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

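
A diagnostic for the question raised in this thread, added here and not part of the original messages: it reports the process's effective UID, whether CAP_NET_RAW (capability bit 13 in `<linux/capability.h>`) is set in the `CapEff:` line of `/proc/self/status`, and the result of attempting to open a raw ICMP socket. The function names are hypothetical and the behaviour assumed is that of a Linux kernel with `/proc` mounted.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* CAP_NET_RAW in <linux/capability.h> */

/* Parse a hex capability mask as printed in /proc/<pid>/status.
 * Returns 1 if CAP_NET_RAW is set, 0 if clear, -1 if not parsable. */
int mask_has_net_raw(const char *hex)
{
    char *end;
    errno = 0;
    unsigned long long mask = strtoull(hex, &end, 16);
    if (errno != 0 || end == hex)
        return -1;
    return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL);
}

/* Locate the effective-capability line in status text and test it.
 * Returns -1 when no CapEff: line is present. */
int status_has_net_raw(const char *status_text)
{
    const char *p = strstr(status_text, "CapEff:");
    if (p == NULL)
        return -1;
    return mask_has_net_raw(p + strlen("CapEff:"));
}

int main(void)
{
    char buf[4096];
    size_t n = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (f != NULL) {
        n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
    }
    buf[n] = '\0';
    printf("euid=%d CAP_NET_RAW effective=%d\n",
           (int)geteuid(), status_has_net_raw(buf));

    int s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (s < 0) {
        printf("raw socket: %s\n", strerror(errno)); /* EPERM when denied */
    } else {
        puts("raw socket: opened");
        close(s);
    }
    return 0;
}
```

Running it once as root and once from the unprivileged account in question shows which of the two checks differs between them.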