On Tue, Jun 22, 2010 at 8:52 AM, Andrew Beverley <[email protected]> wrote:
> 1. Because the marking process needs to be run as root, can this only be
> achieved by putting the mark function within the squid process that
> originally starts up, and stipulate that this has to be run as root?

Consider a dedicated helper like the diskd helper - send it a fd using shm, and a mark to place, and have it make the call. This can be started up before squid drops privileges.

Better still, do a patch to netfilter to allow non-root capabilities here.

> 2. Is any such patch likely to be accepted?

Yes, modulo code quality, testing, cleanliness etc etc - all the usual concerns.

-Rob
