On Thursday 07 February 2013 10.39.59 Philipp Kern wrote:
> On Thu, Feb 07, 2013 at 10:28:28AM +1100, Russell Coker wrote:
> > Such capabilities allow the process to bind to all low ports, which
> > usually isn't what you desire. If you want to permit a daemon to bind
> > to exactly one reserved port and no others then it seems that the
> > options are systemd (if the daemon supports socket based activation) and
> > SE Linux.
>
> (x)inetd, no?

Yes but the xinetd process keeps the socket open, then on new connection forks
and gives the service the fd of the new connection, retaining the fd for the
listener part.

Which means that on every connection it has to fork (and that's extremely
slow).

-- 
Salvo Tomaselli
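For contrast with the per-connection fork described in the reply above, this added example (not code from the thread or from xinetd or systemd) shows the listener-handoff model that socket-based activation relies on: a launcher binds one port, the daemon inherits the listening fd and calls accept() itself. The names `make_listener`, `serve_inherited` and `handoff_demo` are hypothetical, and a loopback ephemeral port stands in for the reserved port so the demo runs without privileges.

```c
#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Launcher side: bind exactly one port and listen. Port 0 (ephemeral) keeps
 * the demo unprivileged; a real launcher would bind the reserved port here. */
static int make_listener(struct sockaddr_in *addr) {
    socklen_t len = sizeof *addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    *addr = (struct sockaddr_in){ .sin_family = AF_INET };
    addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)addr, len) < 0 || listen(fd, 8) < 0 ||
        getsockname(fd, (struct sockaddr *)addr, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Daemon side: accept() on the inherited listener, no fork per connection. */
static void serve_inherited(int listen_fd, int nconn) {
    for (int i = 0; i < nconn; i++) {
        int c = accept(listen_fd, NULL, NULL);
        if (c < 0 || write(c, "ok", 2) != 2) _exit(1);
        close(c);
    }
    _exit(0);
}

/* Returns how many of nconn connections the single daemon process answered. */
int handoff_demo(int nconn) {
    struct sockaddr_in addr;
    int answered = 0, status = 0, lfd = make_listener(&addr);
    pid_t pid = lfd < 0 ? -1 : fork();
    if (pid < 0) { if (lfd >= 0) close(lfd); return -1; }
    if (pid == 0) serve_inherited(lfd, nconn);
    close(lfd); /* launcher keeps no copy; only the daemon holds the listener */
    for (int i = 0; i < nconn; i++) {
        char buf[2];
        int c = socket(AF_INET, SOCK_STREAM, 0);
        if (c >= 0 && connect(c, (struct sockaddr *)&addr, sizeof addr) == 0 &&
            read(c, buf, 2) == 2 && buf[0] == 'o' && buf[1] == 'k') answered++;
        if (c >= 0) close(c);
    }
    waitpid(pid, &status, 0);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? answered : -1;
}
int main(void) { return handoff_demo(3) == 3 ? 0 : 1; }
```

The daemon process never calls bind(), so it needs no capability covering low ports; the only port it can serve is the one whose fd it was handed.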