Re: setrlimit(RLIMIT_NETWORK) vs. prctl(???)
From: Michael Stone
Date: Wed Dec 16 2009 - 10:29:19 EST
Ulrich,
As promised, here's a draft based on prctl() for comparison with the
rlimit()-based approach presented in the first attempt.
It behaves as I expect in simple testing with busybox "nc" and I'll do a more
thorough test shortly. I'm sending it now because I think that it's good enough
to give a decent overview of what the end result of this implementation
strategy might look like.
Regards,
Michael
------
Michael Stone (3):
Security: Add prctl(PR_{GET,SET}_NETWORK) interface.
Security: Implement prctl(PR_SET_NETWORK, PR_NETWORK_OFF) semantics.
Security: Document prctl(PR_{GET,SET}_NETWORK).
Documentation/prctl_network.txt | 69 +++++++++++++++++++++++++++++++++++++++
include/linux/prctl.h | 7 ++++
include/linux/prctl_network.h | 7 ++++
include/linux/sched.h | 2 +
kernel/Makefile | 2 +-
kernel/fork.c | 2 +
kernel/prctl_network.c | 37 +++++++++++++++++++++
kernel/ptrace.c | 2 +
kernel/sys.c | 7 ++++
net/socket.c | 51 +++++++++++++++++++++-------
net/unix/af_unix.c | 19 +++++++++++
11 files changed, 191 insertions(+), 14 deletions(-)
create mode 100644 Documentation/prctl_network.txt
create mode 100644 include/linux/prctl_network.h
create mode 100644 kernel/prctl_network.c
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/