The following subsections describe access control and object reuse handling associated with establishing a
communications channel.
5.4.5.1 socket()
socket() creates an endpoint of communication using the desired protocol type. Object reuse handling
during socket creation is described in Section 5.3.5. socket() may perform additional access control
checks by calling the security_socket_create() and security_socket_post_create()
LSM hooks, but the SLES kernel does not use these LSM hooks.
5.4.5.2 bind()
bind() associates a name (address) with a socket created by the socket() system call. An address must be
assigned to a socket before it can accept connections. Depending on the domain type of the socket, bind()
dispatches to the domain-specific bind function (inet_bind() for internet domain sockets).
If the port number being associated with a socket is below PROT_SOCK (defined at compile time as 1024),
then inet_bind() ensures that the calling process possesses the CAP_NET_BIND_SERVICE capability.
On the TOE, the CAP_NET_BIND_SERVICE capability maps to a uid of zero.
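The privileged-port check described above, as an added example that is not part of this document or the SLES kernel: bind_port_permitted() models the inet_bind() decision (non-zero port below PROT_SOCK requires CAP_NET_BIND_SERVICE, with the capability passed in as a flag), and try_bind_tcp() asks the running kernel for comparison, using geteuid() == 0 as the stand-in for the capability as on the TOE.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define PROT_SOCK 1024 /* same compile-time value inet_bind() compares against */

/* Model of the inet_bind() privileged-port decision: a non-zero port below
 * PROT_SOCK requires CAP_NET_BIND_SERVICE; port 0 (kernel picks an ephemeral
 * port) and ports >= PROT_SOCK never do. Returns 0 if permitted, -EACCES
 * (the errno bind(2) reports) otherwise. The capability is a parameter so the
 * logic can be exercised without privilege. */
int bind_port_permitted(unsigned short port, int has_cap_net_bind_service)
{
    if (port != 0 && port < PROT_SOCK && !has_cap_net_bind_service)
        return -EACCES;
    return 0;
}

/* Ask the running kernel: bind a TCP socket to 127.0.0.1:port and return the
 * resulting errno (0 on success), so the model can be compared with reality. */
int try_bind_tcp(unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int err = bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ? errno : 0;
    close(fd);
    return err;
}

int main(void)
{
    int privileged = (geteuid() == 0); /* stands in for CAP_NET_BIND_SERVICE, as on the TOE */
    unsigned short ports[] = { 80, 1023, 1024, 8080 };
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++) {
        int model = bind_port_permitted(ports[i], privileged);
        int real = try_bind_tcp(ports[i]);
        printf("port %5u: model %s, kernel says %s\n", ports[i],
               model ? "EACCES" : "allow", real ? strerror(real) : "ok");
    }
    return 0;
}
```

On kernels newer than the evaluated one the threshold is tunable via the net.ipv4.ip_unprivileged_port_start sysctl, so the kernel column can disagree with the model where that value has been lowered.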
Figure 5-20: bind() function for internet domain TCP socket