Opened 4 years ago
Last modified 4 years ago
#111 new enhancement
vuurmuur daemon should not be running as root
| Reported by: | fredl | Owned by: | fredl |
|---|---|---|---|
| Priority: | minor | Milestone: | undecided |
| Component: | suite | Version: | |
| Keywords: | Cc: |
Description
We may only need CAP_NET_ADMIN but perhaps we should build using libiptc then as opposed to running iptables/iptables-restore as I'm not certain how capabilities translate to forked processes.
Change History (1)
comment:1 Changed 4 years ago by victor
- Priority changed from major to minor
- Type changed from defect to enhancement
Note: See
TracTickets for help on using
tickets.
libiptc is not supported by the netfilter project to be used by 3rd party tools like Vuurmuur. It doesn't have a stable API. So using that is not an option.