Henrik Nordstrom wrote:
The kernel interface, while some aspects of it are much simpler, is also
not really meant to be called directly by applications.

The attached patch approximates the same functionality using libcap.
Differs slightly in how it sets the permitted capabilities to be kept on
uid change (explicit instead of masked), but end result is the same as
setting the capabilities won't work if these were not allowed.


/* NP: keep these two if-endif separate. Non-Linux work perfectly well without Linux syscap support. */
-#if defined(_SQUID_LINUX_)
-
-#if HAVE_SYS_CAPABILITY_H
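
Review bot: the context comment on the first line of this hunk still says to keep the two if-endif guards separate, yet the lines below it remove both `#if defined(_SQUID_LINUX_)` and `#if HAVE_SYS_CAPABILITY_H`. Either keep that separation in whatever guards replace them, or update the comment in the same change so it describes the guards that remain and non-Linux builds are not left relying on a stale note.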

The above was done so that interception does not get disabled on FreeBSD which now has some TPROXY support.


+#define PUSH_CAP(cap) cap_list[ncaps++] = (cap)
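
Review bot: `PUSH_CAP` post-increments `ncaps` on every use with no check against the size of `cap_list`, and that size is not visible in this hunk, so adding one more capability later can write past the end of the array without any warning. Consider a bounds check or an assertion next to the macro, and wrapping the body in `do { ... } while (0)` so it behaves as a single statement. The parameter `cap` is substituted only where it appears as a whole token, so `cap_list` and `ncaps` are left alone, but a more distinct parameter name would make that easier to read.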

I can just see that converting to: CAP_NET_ADMIN_ist[nCAP_NET_ADMINs++]=(CAP_NET_ADMIN) ...

Otherwise good.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
  Current Beta Squid 3.1.0.14
