But in reality a file is not a good abstraction for an internet socket. The ACLs would in essence spell out firewall rules. Because the bigger question is where can it connect to than "user" that is connecting.
That's why this is done on the level of kernel networking, where kernel knows what process is trying to open a socket and can firewall it.
But in reality a file is not a good abstraction for an internet socket. The ACLs would in essence spell out firewall rules. Because the bigger question is where can it connect to than "user" that is connecting.
That's why this is done on the level of kernel networking, where kernel knows what process is trying to open a socket and can firewall it.