httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pranav Desai" <pranavade...@gmail.com>
Subject Re: Need suggestions for adding tproxy support to mod_proxy
Date Sat, 20 Dec 2008 05:06:12 GMT
On Thu, Dec 18, 2008 at 2:34 AM, Graham Leggett <minfrin@sharp.fm> wrote:
> Pranav Desai wrote:
>
>> Yeah, the application changes are restricted to a few lines. I believe
>> you mean the connect_backend() and not the proxy_connect module for
>> the CONNECT method ?
>
> I did yes, sorry.
>
> If this can be made available to all the proxy modules in one go, it would
> be ideal.
>

There are more changes than I thought there would be. Tproxy needs the
CAP_NET_ADMIN capability for setting the setsockopt(). So it seems
like I have to preserve the capabilities using prctl and then after
the effective user changes to non-privileged, set the CAP_NET_ADMIN
capability for that process.
What I am not sure of is:
* Whats the best place to keep the capabilities, since it would have
to be done before it drops the privilege.
* Would I have to add the capability for all processes that are
created for handling requests ?

Is there a better way to set the capabilities of all the spawned processes ?

Thanks
-- Pranav

> Regards,
> Graham
> --
>

Mime
View raw message