At 00:50 19-01-2008, Amos Jeffries wrote:
>Alexandre Correa wrote:
>>maresia# ls -l /dev/pf
>>crw------- 1 root wheel 0, 74 Jan 10 11:18 /dev/pf
>
>Looks like all you need to do is start squid properly as root user
>and let it do the permissions dropping properly itself.
Even when permissions are dropped, Squid still needs to read
/dev/pf. The above permissions will cause an error. When
PF_TRANSPARENT is defined, the GID of /dev/pf has to be changed to be
accessible by Squid.
Currently, Squid 2.6.x opens /dev/pf in read/write mode. There was
an OpenBSD patch to src/client_side.c to open /dev/pf in read-only mode.
--- client_side.c.orig Mon Sep 3 06:13:36 2007
+++ client_side.c Sun Jan 20 09:14:37 2008
@@ -4441,7 +4441,7 @@
static int pffd = -1;
static time_t last_reported = 0;
if (pffd < 0) {
- pffd = open("/dev/pf", O_RDWR);
+ pffd = open("/dev/pf", O_RDONLY);
if (pffd >= 0)
commSetCloseOnExec(pffd);
}
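Review bot: The new open("/dev/pf", O_RDONLY) line has no comment saying why read-only access is sufficient for whatever is later done with pffd, and nothing in these lines shows that the operation performed on the descriptor is accepted on a read-only open; add a one-line comment above the call stating that, so the flag is not "fixed" back to O_RDWR later. With this change the device only needs to be group-readable by Squid's effective group rather than readable and writable, which is worth stating in the install notes next to the PF_TRANSPARENT instructions. Separately, because pffd is static and the open sits under if (pffd < 0), a failed open is attempted again on every call; the failure path is outside this hunk, so please confirm it reports errno (last_reported suggests rate-limited logging) so that a permission problem such as the crw------- root:wheel mode quoted above is visible to the administrator.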
Regards,
-sm
Received on Sun Jan 20 2008 - 10:28:12 MST