[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Firewall and user services that needs open ports



On Mon, Jun 23, 2008 at 1:01 PM, Alexander Boström <abo kth se> wrote:
But yes, the above can be done with SELinux as well. Maybe that will
could actually provide a better user experience since you'd get error
messages when binding sockets instead of mostly silently dropped
packets.

Exactly my point. Rejecting the bind() call allows the app to present an understandable error, within the context of the application. With an interactive app it could provide a pretty GUI error dialog right then and there. The API we need is there already. We're just not using it.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]