Subject: Re: per-process socket security settings
To: None <firstname.lastname@example.org>
From: Michael Richardson <email@example.com>
Date: 03/11/2001 02:22:55
>>>>> "Jason" == Jason R Thorpe <firstname.lastname@example.org> writes:
Jason> On Thu, Mar 08, 2001 at 10:42:39AM +0900, email@example.com wrote:
>> yup, but if there's someone who would like to use IPsec'ed DNS
>> lookup... an option to /etc/resolv.conf may be necessary.
Jason> Right, so if there is an option for resolv.conf, I guess it would
Jason> work like this:
Jason> - defaults to off.
Jason> - if off, explicitly set policy to "don't use ipsec" when
Jason> making the DNS request.
Is there a use case that you are thinking about here, where one would not
want to simply inherit some default? E.g. a system default, or a per-user
default? (I know that we don't have the latter)
Also, it isn't clear to me that a non-superuser can/should be able to
override a system default.
] Train travel features AC outlets with no take-off restrictions|gigabit is no[
] Michael Richardson, Solidum Systems Oh where, oh where has|problem with[
] firstname.lastname@example.org www.solidum.com the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [