Henrik Nordstrom wrote:
> The kernel interface, while some aspects of it is much simpler is also
> not really meant to be called directly by applications.
>
> The attached patch approximates the same functionality using libcap.
> Differs slightly in how it sets the permitted capabilities to be kept on
> uid change (explicit instead of masked), but end result is the same as
> setting the capabilities won't work if these were not allowed.
>
/* NP: keep these two if-endif separate. Non-Linux work perfectly well
without Linux syscap support. */
-#if defined(_SQUID_LINUX_)
-
-#if HAVE_SYS_CAPABILITY_H
The above was done so that interception does not get disabled on FreeBSD
which now has some TPROXY support.
+#define PUSH_CAP(cap) cap_list[ncaps++] = (cap)
I can just see that converting to:
CAP_NET_ADMIN_ist[nCAP_NET_ADMINs++]=(CAP_NET_ADMIN) ...
Otherwise good.
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.14Received on Thu Oct 15 2009 - 22:03:54 MDT
This archive was generated by hypermail 2.2.0 : Fri Oct 16 2009 - 12:00:05 MDT