Re: sockfs - a filesystem for reserved port permissions

thospel@mail.dma.be
20 Sep 1997 01:28:59 -0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: OFFTOPIC: Regarding NT vs Linux"
Previous message: Jean-Claude: "Re: OFFTOPIC: Regarding NT vs Linux"
In reply to: Andy Bakun: "Re: sockfs - a filesystem for reserved port permissions"
Next in thread: Andrea Arcangeli: "Re: IDE Ultra DMA patch"

In article <3.0.1.32.19970918142354.008825b0@po.scinc.com>,
"Andy Bakun" <abakun@scinc.com> writes:
> I have not taken a look at the patch in depth yet, but...
>
> What about after mounting sockfs, it appears as an empty dir, meaning that
> permissions are set defaultly (root only below 1024). Then, say I want
> user frank to be allowed to bind to port 80 on IP 1.2.3.4. So I mkdir
> /sockfs/1.2.3.4 and touch /sockfs/1.2.3.4/80. I can then chown
> /sockfs/1.2.3.4/80 to frank, as described. If I touch /sockfs/80, then I'm
> setting up permissions for port 80 on all IP aliases. Add dirs somewhere for
>
> This will, of course, add some overhead at permission creating time, but it
> will get rid of that 6k (?) structure keeping track of the (mostly sparse)
> port permissions. It would be easier to get a general picture of the
> current permissions setup also, because you only have to look at (and keep
> track of) what has changed from the norm, rather than this huge list of ports.
>
> I'll go back to lurking now... :)

Since nothing is done with th contents yet, how about writing to the file
the interfaces you may bind to (empy means all). For transparant
proxying they can even be ip/netmask to allow you ranges
.

Next message: Alan Cox: "Re: OFFTOPIC: Regarding NT vs Linux"
Previous message: Jean-Claude: "Re: OFFTOPIC: Regarding NT vs Linux"
In reply to: Andy Bakun: "Re: sockfs - a filesystem for reserved port permissions"
Next in thread: Andrea Arcangeli: "Re: IDE Ultra DMA patch"