Opened 13 years ago
Last modified 13 years ago
#111 new enhancement
vuurmuur daemon should not be running as root
Reported by: | Fred Leeflang | Owned by: | Fred Leeflang |
---|---|---|---|
Priority: | minor | Milestone: | undecided |
Component: | suite | Version: | |
Keywords: | Cc: |
Description
We may only need CAP_NET_ADMIN but perhaps we should build using libiptc then as opposed to running iptables/iptables-restore as I'm not certain how capabilities translate to forked processes.
Note:
See TracTickets
for help on using tickets.
libiptc is not supported by the netfilter project to be used by 3rd party tools like Vuurmuur. It doesn't have a stable API. So using that is not an option.