Re: [CentOS] Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?

2008-03-09 Thread S Roderick
I was hoping that either via kernel capabilities or SE Linux that we could avoid this. Both seem to offer exactly the feature we want, opening raw sockets from unprivileged accounts. But it's really unclear from all the docs online how these two interact. Best we could do was try all the exampl

Re: [CentOS] Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?

2008-03-08 Thread S Roderick
I was hoping that either via kernel capabilities or SE Linux that we could avoid this. Both seem to offer exactly the feature we want, opening raw sockets from unprivileged accounts. But it's really unclear from all the docs online how these two interact. Best we could do was try all the example

Re: [CentOS] Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?

2008-03-07 Thread S Roderick
The raw socket option in the kernel only allows privileged processes to open them. Selinux controls which privileged processes have the right to. To allow an unprivileged process to access a raw socket you will need to write a proxy daemon that runs privileged and is allowed in selinux

Re: [CentOS] Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?

2008-03-07 Thread S Roderick
ere, where I can't remember, that 2.6 kernels only allow raw sockets to be opened by root. You may need to write a proxy daemon to provide access to the socket from unprivileged accounts. -Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

Re: [CentOS] Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?

2008-03-07 Thread S Roderick
It runs fine under root and with sudo. S On Mar 7, 2008, at 15:33 , Ross S. W. Walker wrote: Does it run as 'root'? -Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of S Roderick Sent: Friday, March 07, 2008 3:28 PM To: CentOS ma

Re: [CentOS] Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?

2008-03-07 Thread S Roderick
Does anyone have any idea on this one? Based on everything we've tried with kernel capabilities and SE Linux parameters, we're missing something. Have tried everything we can find online. Thanks Stephen On Mar 3, 2008, at 09:14 , S Roderick wrote: I am wondering what is the i

[CentOS] Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?

2008-03-03 Thread S Roderick
I am wondering what is the interaction between SE Linux and the kernel "capabilities" in CentOS 5.1? I'm trying to open a raw socket and keep getting permission denied errors. I've tried using the lcap library to find that CAP_SETPCAP appears to be off in the kernel. For compliance reasons,