On 28/05/2010 09:16, Simon Geard wrote:
>> Simply because IP is not designed like this at all. NetworkManager's
>> scope is to make IP networking easy; not to re-invent the Internet.
>
> Actually, couldn't something be done with Netfilter rules? The
> connection (a VPN, say) might technically be system-wide, but with rules
> enforcing that only applications running as a certain user could send
> and receive packets on it? Perhaps imperfect, but a starting point...

Sockets have owners, but I doubt very much you can extend that to packets. The "end-to-end principle" strikes again. So this rules out Netfilter I am afraid. On the other hand, maybe SELinux or POSIX capabilities could do something at the socket level.
