According to what I found[1] this project is current inoperative and it's unclear when (if ever) it will be available on FreeBSD.
Personally, I think the better option is for me to fix the libcap related problems so it's not required. It's a bit ugly but not all that difficult. Now that I have more VMs with a bigger variety of OSes I can actually test my fixes. For anyone wondering what the actual issue is, the root cause is that 1) TProxy needs capabilities in order to have the privilege of setting the transparency option at run time, but without having general root privileges. Other features are starting to use POSIXCaps but since it doesn't exist on all supported systems, we'll have to have an alternate and I don't see why that can't be used on Linux as well (except that it's probably less secure). 2) The threading model for POSIXCaps and setuid() are fundamentally incompatible, leading to the situation where POSIXCaps must be set *before* threads are started and the oldstyle setuid() needs to happen *after* threads are started. Dealing with this is straightforward, just ugly and effort intensive. [1] http://www.trustedbsd.org/privileges.html Saturday, July 16, 2011, 4:46:14 PM, you wrote: > http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/secure-chroot.html#AEN1514 >> 3.5.2POSIX®.1e Process Capabilities > On 7/16/11 5:19 PM, Igor Galić wrote: >> Anyone know how to do this on FreeBSD?
