on 3-7-2008 1:48 PM S Roderick spake the following:
> I was hoping that either via kernel capabilities or SE Linux that we
> could avoid this. Both seem to offer exactly the feature we want,
> opening raw sockets from unprivileged accounts. But it's really unclear
> from all the docs online how these two interact. Best we could do was
> try all the examples and approaches we could find - none worked.
>
> I guess I can try trolling the kernel source ... ugh! ... to see if your
> recollection is correct. I certainly hope there is another option ...
>
> Thanks
> S

I am fairly sure of the same thing. Only root has access to raw sockets. To quote the kernel hackers guide, "To use RAW sockets in Unix it is mandatory that one be a root." I can't see something like SELinux allowing something like this, as it is a security no-no. 2.4 I believe had an ACL patch that did something in this general area, but I don't remember how or what.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!