Firewall and user services that needs open ports
Callum Lerwick
seg at haxxed.com
Mon Jun 23 18:56:57 UTC 2008
On Mon, Jun 23, 2008 at 1:01 PM, Alexander Boström <abo at kth.se> wrote:
> But yes, the above can be done with SELinux as well. Maybe that will
> could actually provide a better user experience since you'd get error
> messages when binding sockets instead of mostly silently dropped
> packets.
Exactly my point. Rejecting the bind() call allows the app to present an
understandable error, within the context of the application. With an
interactive app it could provide a pretty GUI error dialog right then and
there. The API we need is there already. We're just not using it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080623/84998c46/attachment.htm>
More information about the fedora-devel-list
mailing list