Ticket #111 (new enhancement)
vuurmuur daemon should not be running as root
| Reported by: | fredl | Owned by: | fredl |
|---|---|---|---|
| Priority: | minor | Milestone: | undecided |
| Component: | suite | Version: | |
| Keywords: | Cc: |
Description
We may only need CAP_NET_ADMIN but perhaps we should build using libiptc then as opposed to running iptables/iptables-restore as I'm not certain how capabilities translate to forked processes.
Change History
Changed 10 months ago by victor
- priority changed from major to minor
- type changed from defect to enhancement
Note: See
TracTickets for help on using
tickets.
libiptc is not supported by the netfilter project to be used by 3rd party tools like Vuurmuur. It doesn't have a stable API. So using that is not an option.