Re: Marking uncached packets with a netfilter mark value

From: Robert Collins <robertc_at_robertcollins.net>
Date: Tue, 22 Jun 2010 16:00:51 +1200

On Tue, Jun 22, 2010 at 8:52 AM, Andrew Beverley <andy_at_andybev.com> wrote:

> 1. Because the marking process needs to be run as root, can this only be
> achieved by putting the mark function within the squid process that
> originally starts up, and stipulate that this has to be run as root?

Consider a dedicated helper like the diskd helper - send it a fd using
shm, and a mark to place, and have it make the call. This can be
started up before squid drops privileges. Better still, do a patch to
netfilter to allow non-root capabilities here.

> 2. Is any such patch likely to be accepted?

Yes, modulo code quality, testing, cleanliness etc etc - all the usual concerns.

-Rob
Received on Tue Jun 22 2010 - 04:01:01 MDT
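
The helper design suggested in the reply, sketched as an added example; it is not from the post and is not Squid code. It assumes Linux and passes the descriptor with SCM_RIGHTS over a Unix-domain SOCK_SEQPACKET channel rather than the shm transport the reply mentions. The function names and the `allowed_mask` policy check are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Unprivileged side: send one socket fd plus the mark the helper should set. */
int send_mark_request(int chan, int fd, uint32_t mark)
{
    union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct iovec iov = { .iov_base = &mark, .iov_len = sizeof(mark) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    memset(&u, 0, sizeof(u));
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == (ssize_t)sizeof(mark) ? 0 : -1;
}

/* Helper side: accept exactly one fd and one mark; returns the fd or -1. */
int recv_mark_request(int chan, uint32_t *mark)
{
    union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct iovec iov = { .iov_base = mark, .iov_len = sizeof(*mark) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, /* room for one fd only */
                          .msg_control = u.buf, .msg_controllen = CMSG_LEN(sizeof(int)) };
    ssize_t n = recvmsg(chan, &msg, MSG_CMSG_CLOEXEC);
    struct cmsghdr *c = n < 0 ? NULL : CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof(fd));
    if (n != (ssize_t)sizeof(*mark) || (msg.msg_flags & (MSG_CTRUNC | MSG_TRUNC))) {
        close(fd);                        /* malformed request: do not leak the fd */
        return -1;
    }
    return fd;
}

/* Helper side: enforce policy, then mark. The setsockopt needs CAP_NET_ADMIN. */
int apply_mark(int fd, uint32_t mark, uint32_t allowed_mask)
{
    int type; socklen_t len = sizeof(type);
    if (mark & ~allowed_mask) { errno = EACCES; return -1; } /* mark outside policy */
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) != 0) return -1; /* not a socket */
    return setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark));
}
```

The helper would be forked with one end of the channel before the main process drops privileges, and it should keep only the capability the `setsockopt` call needs.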
