Assigning the PRIV_NETINET_BINDANY privilege required for setsockopt(IP_BINDANY)
Adrian Chadd
adrian at freebsd.org
Thu Jan 12 06:03:57 UTC 2012
On 11 January 2012 15:26, Gerald McNulty <gmnt99 at gmail.com> wrote:
> Hello,
>
> Using IP_BINDANY to facilitate transparent proxying works as specified.
> According to the ip(4) man page and sys/netinet/ip_output.c, the
> PRIV_NETINET_BINDANY privilege is required in order to make a setsockopt()
> call with IP_BINDANY.
>
> I would like to use this in an app that does not run as uid 0. Is it
> possible to assign the PRIV_NETINET_BINDANY privilege to a specific uid or
> process or can this mechanism only be used in jails to reduce root
> privileges further?

I'm not sure if the relevant bits of MAC have been committed. Robert?

Adrian