I'm not sure if this will help you, but I'll tell you anyway ;-)
Yes there is a way to solve this, as well as the "I want process X to
bind to port <1024 if A B and C and it is a full moon" problem and
similar problems. However, you'll have to do some programming first
;-). The idea is to have a user-land "socket-server" that will do the
bind() call for processes. Processes that you want to treat specially
have the ability to use sockets revoked. Then what you do is you patch
glibc to try to contact the socket-server if a bind() or socket() call
fails. Using socket-level credentials passing and file descriptor
passing, the "bind-server()" will acknowledge the request,
authenticate the requesting process and grant a file-descriptor.
The problem with the above is of course that it _is not implemented_.
However an experimental (but trivial so it should be pretty safe)
patch that implements the kernel-support needed for this is available
from ftp.guardian.no/pub/free/linux/capabilities/patch-cap-exp-1 (I
think it's against 2.1.106).
astor
-- Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway http://www.guardian.no/