From: Chris Wright (chris_at_wirex.com)
Date: Wed 27 Feb 2002 - 01:08:34 GMT
On Tue, 26 Feb 2002 16:57:36 -0500, Mihai RUSU wrote:
> > For the first issue I think there can be done a quick hack based on the
> > sources of openwall patch (www.openwall.org) as follows:
> > - openwall kernels show on netstat only the connections which belong to
> > the current userid
I thought viewing /proc/net/* was limited by group id (you have to have
the special group id set with gid= mount option).
* Jacques Gelinas (jack_at_solucorp.qc.ca) wrote:
> The patch on ctx-8 uses the security context. The solution in openwall,
> should work on top of that and would be a per-vserver feature. openwall
> is part of the LSM I think.
Bits and pieces of Openwall are ported to LSM. The SECURE_PROC bit
has been waiting for an interface change in the VFS that should be
available soon (viro mentioned something like the next week or two for
the VFS change).