Date: Wed, 11 Jan 2012 23:26:31 +0000 From: Gerald McNulty <gmnt99@gmail.com> To: freebsd-hackers@freebsd.org Subject: Assigning the PRIV_NETINET_BINDANY privilege required for setsockopt(IP_BINDANY) Message-ID: <CAD%2B_bPxs7fc=n6HYTtNKwUXLu9kC8KL%2Bi8P9XvTQbtddicKMRQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello, Using IP_BINDANY to facilitate transparent proxying works as specified. According the ip(4) man page and sys/netinet/ip_output.c, the PRIV_NETINET_BINDANY privilege is required in order to make a setsockopt() call with IP_BINDANY. I would like to use this in an app that does not run as uid 0. Is it possible to assign the PRIV_NETINET_BINDANY privilege to a specific uid or process or can this mechanism only be used in jails to reduce root privileges further? Thank you -- Gerald McNulty
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD%2B_bPxs7fc=n6HYTtNKwUXLu9kC8KL%2Bi8P9XvTQbtddicKMRQ>