>>>> I was hoping that either via kernel capabilities or SE Linux that we
>>>> could avoid this. Both seem to offer exactly the feature we want,
>>>> opening raw sockets from unprivileged accounts. But it's really
>>>> unclear from all the docs online how these two interact. Best we
>>>> could do was try all the examples and approaches we could find -
>>>> none worked.
>>>>
>>>> I guess I can try trolling the kernel source ... ugh! ... to see if
>>>> your recollection is correct. I certainly hope there is another
>>>> option ...
>>>>
>>>> Thanks
>>>> S
>>>
>>> I think Ross is right. At my last contract with IBM some years back, we
>>> were doing some raw socket stuff. ISTR that we had no problems because
>>> we were real root applications. IIRC, docs specified root privileges.
>>
>>
>> I completely agree with the fact that raw sockets require root
>> privilege, that is the situation we're currently in and don't want to
>> continue with. But am I then completely misunderstanding when I think
>> that SE Linux can allow non-root access to certain "normally root
>> only" capabilities, on a per process basis? Certainly all the
>> ping-related SE Linux examples online all show precisely this: provide
>> access to raw sockets for a non-root process.
>>
>
> ping is suid root, though.

Agreed, ping normally is. But what the SE Linux examples are showing is that you can remove the potential security hole of having ping be suid root, and use a custom SE Linux module to simply allow it access to raw sockets. Then, compromising ping gets you only raw socket access and not full root access.

At least, this is my understanding ...

S