Opened 8 years ago

Last modified 8 years ago

#111 new enhancement

vuurmuur daemon should not be running as root

Reported by: Fred Leeflang Owned by: Fred Leeflang
Priority: minor Milestone: undecided
Component: suite Version:
Keywords: Cc:


We may only need CAP_NET_ADMIN but perhaps we should build using libiptc then as opposed to running iptables/iptables-restore as I'm not certain how capabilities translate to forked processes.

Change History (1)

comment:1 Changed 8 years ago by Victor Julien

Priority: majorminor
Type: defectenhancement

libiptc is not supported by the netfilter project to be used by 3rd party tools like Vuurmuur. It doesn't have a stable API. So using that is not an option.

Note: See TracTickets for help on using tickets.