On Tue, 2009-12-22 at 06:26 -0800, Casper Dik wrote:

> This project proposes one new "basic" privilege.
>
> NET_ACCESS
> Allows a process to open a network connection.
>
> The purpose of this privilege is the ability to create a process
> confined to the current system.
Semantic nit: This mechanism accomplishes that and more. For example, without this privilege, a process also cannot open a PF_INET* socket to communicate locally using the loopback address.

I assume that this is an acceptable situation for the intended consumer; otherwise one would need some more complex mechanism (perhaps involving the proposed socket filter framework, PSARC 2009/590).

-Seb