On 11 January 2012 15:26, Gerald McNulty <[email protected]> wrote: > Hello, > > Using IP_BINDANY to facilitate transparent proxying works as specified. > According the ip(4) man page and sys/netinet/ip_output.c, the > PRIV_NETINET_BINDANY privilege is required in order to make a setsockopt() > call with IP_BINDANY. > > I would like to use this in an app that does not run as uid 0. Is it > possible to assign the PRIV_NETINET_BINDANY privilege to a specific uid or > process or can this mechanism only be used in jails to reduce root > privileges further?
I'm not sure if the relevant bits of MAC have been committed. Robert? Adrian _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[email protected]"
