Quoting Paul Menage ([EMAIL PROTECTED]):
> On 9/10/07, Serge E. Hallyn <[EMAIL PROTECTED]> wrote:
> >
> > The only downside I see right now is what to do about a sendto() on a
> > udp socket that hasn't been bound.
>
> Maybe have additional chains in the new iptable called "sendto" and
> "recvfrom" that are invoked for those operations on unbound datagram
> sockets?

Yup. Perhaps the biggest upside of this approach is that it's providing network functionality in a way that should be much more familiar to network folks. As opposed to using an lsm with a new vfs interface.

Is anyone working on this implementation, for comparison to the lsm patch?

-serge