> >Further to what Seb said, in general, loopback sockets are treated as an
> >IPC mechanism and may be used by any random set of applications that have
> >no interest in actually using the network. That is, not having the
> >proposed NET_ACCESS privilege may cause random applications to fail even
> >though they never attempted to access the network. Is this really the
> >desired behavior?
>
> Yes. I wouldn't call it random; they're still INET sockets.

They are inet sockets as an IPC mechanism that has nothing to do with networking per se. Same with AF_UNIX sockets. That is, this privilege will both prevent use of the network and prevent applications that happen to use loopback and AF_UNIX sockets for IPC from working. We have no control over what applications those may be.

In the case of loopback IPC: we do not support a system with lo0 unplumbed because we do not know what applications will break. This proposal seems to result in a system that is at least as unsupportable.

--
meem