On Sat, 17 Apr 1999, Brandon S. Allbery KF8NH wrote:
[snip]
> One could get even finer-grained control, e.g. "can create files which are
> named `X.lock' in a specified directory, where `X' is an existing file owned
> by the uid of the process with the capability", but this is probably not a
> good idea because it requires encoding that kind of restriction into the
> kernel. Then again, a mechanism for loading byte-code capability definitions
> --- itself controlled by a "permanent" capability --- could prove useful for
> this level of control.
The only extension to this I've been considering is 'legal ports' where
we can have more fine-grained control over which ports a process can
listen on. I was thinking either a single port or a port range.
cheers,
David
- --
David L. Parsley
Network Specialist
City of Salem Schools
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/