Steve Rihards wrote: > > I dont think any one has done this because it makes no sense. What does "IP > address for a process" even mean? IP addresses are required for routing a > packet to a computer... once there, you use ports to get to an > application... I think the idea would add security to a system as i have pondered this before. Say for instance you virtual host 200 sites and have 200 ip aliases and 200 different UIDs (1 UID for each site as is best common practice for security) - it would be nice for CGI or shell programs that makes socket connections running as UID X to source packets with *the associated IP address* Y - this would allow per user packet filtering rules and for example allow you to restrict access to network resources based on the UID of the remote process. *** IP per User One way would be to (in net/ipv4/af_inet.c) inspect sock->inode->i_uid in inet_bind(...) and inet_stream_connect(...) and read from an in kernel table [uid->ip] and change addr->sin_addr.s_addr (The source address is usually 0.0.0.0 which means selected automatically - otherwise an error could be returned if the specific bind address does not match the allowed address). Add some sort of configuration interface (populated during boot). I have tried this but not added the configuration interface. I have not yet investigated how this would be approached in a transport independant way. *** IP per Process Another way suggested by Chris is to add an address to the process struct and add a 'chbind' syscall to change it - although this would require changes to popular programs like apache to make use of this functionality. I am informed that FreeBSD's jail (sort of like a fancy chroot) functionality has this (jail->ip) sort of functionality. ~mc Vijay Subramani wrote: > > Hi, > > This may sound odd, but i want to know if any body > has done any work on assigning IP addresses (may be > Virtual IP) to processes. I am exploring ways on how > to provide IP addresses for processes, files, other > resources , etc. . I would like to get your opinion on > this. > > Thanks in advance, > Vijay - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to [EMAIL PROTECTED]
