At 03:02 PM 20/10/00 +0800, Andrey Savochkin wrote:
>On Thu, Oct 19, 2000 at 09:52:30PM +1000, Cefiar wrote:
>[snip]
> > ... what is really necessary,
> > which is to simply not allow the programs to bind to the addresses in the
> > first place. Unfortunately to implement this sort of thing in god knows
> how
> > many user space programs looked like too much re-inventing of the wheel.
>[snip]
>
>I think that it's a good idea.
>The only question is whether such lists and conditions, and such a big degree
>of flexibility belongs to the kernel space.
>Isn't it better just to pass almost all bind() calls through a special daemon
>for systems which want non-trivial bind policies?
I'm happy with that - still produces the required effect and removes bloat
from kernel space. Also means it should be easy to revert to default behavior.
My original idea was basically a wrapper much like the way chroot works.
Being able to lock things in some state that was more appropriate for the
program in question. I know that when I set up named/bind on a 2.2 system I
set up with a chroot environment, every time an interface changed state, we
had to restart named so that it could re-bind to the addresses. Being able
to lock the state of those addresses in some way would be brilliant, wether
it's the default or not.
--
-=[ Stuart Young (Aka Cefiar) ]=-------------------------------
| http://amarok.glasswings.com.au/ | [EMAIL PROTECTED] |
---------------------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
