Opened 10 years ago
Last modified 10 years ago
#111 new enhancement
vuurmuur daemon should not be running as root
| Reported by: | Fred Leeflang | Owned by: | Fred Leeflang |
|---|---|---|---|
| Priority: | minor | Milestone: | undecided |
| Component: | suite | Version: | |
| Keywords: | Cc: |
Description
We may only need CAP_NET_ADMIN but perhaps we should build using libiptc then as opposed to running iptables/iptables-restore as I'm not certain how capabilities translate to forked processes.
Change History (1)
comment:1 Changed 10 years ago by
| Priority: | major → minor |
|---|---|
| Type: | defect → enhancement |
Note: See
TracTickets for help on using
tickets.
libiptc is not supported by the netfilter project to be used by 3rd party tools like Vuurmuur. It doesn't have a stable API. So using that is not an option.