On Tue, Nov 28, 2006 at 10:13:02AM +0200, Shachar Shemesh wrote: > Nadav Har'El wrote: > > > So basically, I want to tell linux to allow this process (or any process, > > for that manner) to bind any port. I tried using "capabilities", but didn't > > get it to work (does anyone know if this feature still exists in modern > > kernels??),
> It's supposed to be a part of SELinux, so that needs to be enabled > in order for capabilities to work. I have never had an occasion to > use it, so I don't know the specifics, but it should still be > around, and it does sound like what you are looking for. This is incorrect - POSIX capabilities predate SELinux. Check security/Kconfig, you'll see that "traditional capabilities support" does not require SELinux. It does require CONFIG_SECURITY, to enable the Linux Security Modules (LSM) framework. Note however that capabilities userspace support has been broken for ages so actually using them is slightly problematic. To answer the original question, I would write a wrapper that uses ptrace to do what's needed, but I'm crazy that way. Cheers, Muli ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
