> I personally don't have any issue with the privilege as defined assuming
> that it's part of the basic privilege set. There would be a fundamental
> problem with the proposal if the problem that needed to be solved by the
> project teem included allowing local network access.
Regardless of whether it's in the basic privilege set, the question
remains of how we would handle a support call from a customer trying to
use this privilege to restrict network communication and tripping over the
IPC issue. If we support that, then we have effectively added a new
constraint that all future projects need to consider when selecting their
IPC mechanism[1].
[1] Loopback inet IPC is actually a fairly useful beast since it allows
cooperating applications to rendezvous without requiring a writable
fileystem.
--
meem
