On Monday 2010-06-28 23:21, Andrew Beverley wrote: >> > The problem is that Squid normally runs as a non-privileged user (I had >> > to remove the root checks from the code to get it to run as root). Is >> > there any way to mark packets when not root? Or is the only way to make >> > this work to run a small part of Squid as root? >> >> enter_suid()/leave_suid(). > >Thanks, although in the end I have decided to try and use the >CAP_NET_ADMIN capability flag instead, to keep the use of root to a >minimum. Hey, I've you're thatmuch worried, you'd be using selinux ;-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
