On Wed, 2009-12-23 at 14:40 -0800, Peter Memishian wrote:
> > > I could see doing this on a subset of well-controlled applications, but
> > > what happens when a customer using this facility wants some Sun-supported
> > > application that happens to use loopback inet IPC to "work"? Are we going
> > > to change the code to accommodate their need, or tell them they're off the
> > > reservation?
> >
> > How would this be any different than if they tried removing other basic
> > privileges, like the ability to fork() or exec(), from apps that really
> > needed it? If customers break their system, it's broken.
>
> The difference is that removing the ability to fork() and exec() does
> exactly that. This privilege removes the ability to communicate on the
> network, and removes one of the mechanisms for IPC that has nothing
> inherently to do with communicating on the network.

That is essentially the point I was initially making. I personally don't have any issue with the privilege as defined assuming that it's part of the basic privilege set. There would be a fundamental problem with the proposal if the problem that needed to be solved by the project team included allowing local network access. This proposal doesn't prevent solving that problem in a different way, however.

-Seb