Nir Tzachar wrote:
Hello. I am writing an application which uses the QUEUE target, and encountered a simple problem. My goal is to run the application without root privileges. That is, start the program under root, call ipq_create_handle, and then drop privileges.

However, as far as I can tell, I cannot communicate with the netlink socket of netfilter unless the process has the CAP_NET_ADMIN capability (I may be wrong, but I am basing this on: /usr/src/linux/net/netfilter/nfnetlink.c:204: if (security_netlink_recv(skb, CAP_NET_ADMIN)) ).

So, is there a way to use the QUEUE target _after_ dropping privileges?
Apparently none besides simply keeping CAP_NET_ADMIN.
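The reply amounts to "drop the uid, not the capability". The following added example (not code from the thread or from libipq) shows how a program started as root can switch to an unprivileged uid/gid while retaining only CAP_NET_ADMIN in its permitted and effective sets, which is what the nfnetlink check in the question requires. It assumes the handle (ipq_create_handle or any other privileged setup) is created before calling drop_privs_keep_cap, uses raw capget/capset syscalls so it does not depend on libcap, and uses the conventional "nobody" uid/gid 65534 as a sample target.

```c
// Drop root to an unprivileged uid/gid but keep one capability (here CAP_NET_ADMIN).
// Added example; uses raw capget/capset instead of libcap.
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Version-3 capability sets are two 32-bit words each. */
#define CAP_WORDS _LINUX_CAPABILITY_U32S_3

static int cap_get(struct __user_cap_data_struct data[CAP_WORDS]) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return syscall(SYS_capget, &hdr, data) < 0 ? -errno : 0;
}

static int cap_set(struct __user_cap_data_struct data[CAP_WORDS]) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return syscall(SYS_capset, &hdr, data) < 0 ? -errno : 0;
}

/* 1 if `cap` is in the calling thread's effective set, 0 if not, -errno on failure. */
int has_effective_cap(int cap) {
    struct __user_cap_data_struct data[CAP_WORDS];
    int rc = cap_get(data);
    if (rc < 0) return rc;
    return (data[cap / 32].effective >> (cap % 32)) & 1;
}

/* Switch to uid/gid, keeping only `cap` permitted+effective. Returns 0 or -errno. */
int drop_privs_keep_cap(uid_t uid, gid_t gid, int cap) {
    /* Without KEEPCAPS, leaving uid 0 clears the permitted set entirely. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) return -errno;
    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0) return -errno;
    /* KEEPCAPS preserves the permitted set but clears effective; rebuild both with one bit. */
    struct __user_cap_data_struct data[CAP_WORDS] = {{0}};
    data[cap / 32].permitted = data[cap / 32].effective = 1u << (cap % 32);
    return cap_set(data);  /* fails with -EPERM if `cap` was not already permitted */
}
```

When run as plain user the function returns -EPERM at the setgroups/setgid step; when run as root with CAP_NET_ADMIN in its permitted set, the process ends up as uid 65534 with exactly that capability effective.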