On Thu, 15 Aug 2002 12:50, Sam Vilain wrote:
> > There are some limitations with it. The biggest limitation when
> > compared to my SE Linux work is its lack of flexibility. I can
> > set up a SE Linux chroot, then do a bind mount of /home/www, and
> > grant read-only access to the files and directories of user_home_t
> > and search access to directories of type user_home_dir_t.
>
> This stuff is accomplished through file immutability and Linux
> capabilities. It's not as flexible as the system you're describing
> sounds, but it does work with standard Linux filesystem features and
> represents a smaller departure from UNIX conventions.
True.

> I tried adding an extra IP address - 127.0.0.X - to the IP chroot and
> defining that as `localhost' in /etc/hosts, and eventually after
> finding that SSH local port forwarding (to pick on an application for
> which it didn't work) was always trying to bind to 127.0.0.1, I found
> this gem in glibc:
>
> /* Network number for local host loopback. */
> #define IN_LOOPBACKNET 127
> /* Address to loopback in software to local host. */
> #ifndef INADDR_LOOPBACK
> # define INADDR_LOOPBACK ((in_addr_t) 0x7f000001) /* Inet 127.0.0.1. */
> #endif
>
> so the getaddrinfo() call will always return 127.0.0.1 for the local
> host. Which is a bit of an arse really, but I think I'd probably just
> get laughed at or ignored if I logged a bug against it.

I think you should file a bug report. /etc/hosts contains an entry for
"localhost" on every system. What is the point of this if glibc is to
do it? If glibc wants to fudge in a value AFTER checking /etc/hosts and
finding no match then that would be OK. But doing it unconditionally is
wrong.

Of course you probably will get laughed at or ignored, but I think that
many people will agree with you, so you should file the bug report.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in
the From field.
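An added check, not part of this thread and not glibc's code: it reads the first IPv4 "localhost" line out of /etc/hosts with a small parser of its own (a simplified reading of the hosts format, assumed here) and compares it with what the system resolver returns through the standard getaddrinfo() call, so that a chroot which maps localhost to 127.0.0.X can verify whether the resolver honours that entry or hands back INADDR_LOOPBACK regardless.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* First IPv4 address that /etc/hosts-style text maps to "localhost", in network
 * byte order; 0 if none. Comments, blank lines and IPv6 entries are skipped. */
uint32_t hosts_localhost_ipv4(const char *hosts_text)
{
    char line[512];
    for (const char *p = hosts_text; *p; ) {
        size_t full = strcspn(p, "\n");                 /* length of this line */
        size_t n = full < sizeof line ? full : sizeof line - 1;
        memcpy(line, p, n); line[n] = '\0';             /* private, writable copy */
        p += full + (p[full] == '\n');                  /* step past the newline */
        char *hash = strchr(line, '#'); if (hash) *hash = '\0';
        struct in_addr ia; char *save, *tok = strtok_r(line, " \t\r", &save);
        if (!tok || inet_pton(AF_INET, tok, &ia) != 1) continue;
        while ((tok = strtok_r(NULL, " \t\r", &save)) != NULL)
            if (strcmp(tok, "localhost") == 0) return ia.s_addr;
    }
    return 0;
}

/* First IPv4 address the system resolver hands back for "localhost"; 0 on failure. */
uint32_t resolver_localhost_ipv4(void)
{
    struct addrinfo hints = { .ai_family = AF_INET, .ai_socktype = SOCK_STREAM }, *res;
    if (getaddrinfo("localhost", NULL, &hints, &res) != 0) return 0;
    uint32_t a = ((struct sockaddr_in *)res->ai_addr)->sin_addr.s_addr;
    freeaddrinfo(res);
    return a;
}

int main(void)
{
    static char buf[65536], hs[INET_ADDRSTRLEN], rs[INET_ADDRSTRLEN];
    FILE *f = fopen("/etc/hosts", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    uint32_t h = hosts_localhost_ipv4(buf), r = resolver_localhost_ipv4();
    printf("/etc/hosts: %s\nresolver:   %s\n",
           h ? inet_ntop(AF_INET, &h, hs, sizeof hs) : "(no localhost entry)",
           r ? inet_ntop(AF_INET, &r, rs, sizeof rs) : "(lookup failed)");
    return (h && r && h != r) ? 1 : 0;   /* exit 1 if the resolver ignores /etc/hosts */
}
```

Run it inside the IP chroot after editing /etc/hosts; a non-zero exit means the resolver's answer differs from the file, which is exactly the behaviour the quoted message describes for SSH's local port forwarding.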