Subject: Re: [PATCH] Security: Implement and document RLIMIT_NETWORK.
Date: Thursday 8th January 2009 01:22:17 UTC (over 8 years ago)
[added lsm list to the cc] > Daniel Bernstein has observed  that security-conscious userland > processes may benefit from the ability to irrevocably remove their > ability to create, bind, connect to, or send messages except in the > case of previously connected sockets or AF_UNIX filesystem sockets. We > provide this facility by implementing support for a new rlimit called > RLIMIT_NETWORK. > > This facility is particularly attractive to security platforms like OLPC > Bitfrost  and to isolation programs like Rainbow  and Plash . > > : http://cr.yp.to/unix/disablenetwork.html > : http://wiki.laptop.org/go/OLPC_Bitfrost > : http://wiki.laptop.org/go/Rainbow > : http://plash.beasts.org/ Have you considered utilizing network namespaces  ? A process created with a private network namespace has no network interfaces configured, except loopback, which is down. Does this do what you want? The launcher could optionally allow local IP by bringing up the loopback interface.  http://lxc.sourceforge.net/network.php - James -- James Morris <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html