SOCK_RAW issue with setuid & chroot-ed login on Linux servers (still unresolved)
Source: Internet
Author: User
Problem: when using the function socket(AF_INET, SOCK_RAW, IPPROTO_TCP ...) with a setuid & chroot-ed fake root on Linux servers, it always fails. However, the real root can make it work. Usually the fake root can do most things that require a root login.

After investigation, the following hints turned up:

According to the man page of SOCK_RAW (7), "Only processes with an effective user ID of 0 or the CAP_NET_RAW capability are allowed to open raw sockets."

According to the capabilities (7) Linux man page, "For the purpose of performing permission checks, traditional UNIX implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is nonzero). Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process's credentials (usually: effective UID, effective GID, and supplementary group list). Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute." The same page lists CAP_NET_RAW: use RAW and PACKET sockets.

In "raw socket access as normal user on Linux 2.4", setuid is suggested, but it didn't work.

Since we can't provide root login to all users, we must either find a way to let raw sockets work with the chroot-ed login, or substitute raw sockets with other options.
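A diagnostic for the failure described above, as an added example that is not from the original post: it reports the effective UID, reads the thread's effective capability set with capget(2), and attempts the same socket() call, so the fake-root and real-root logins can be compared. The function names and diagnosis strings are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* 1 if capability number `cap` is set in a 64-bit mask split into lo/hi words. */
static int cap_in_mask(unsigned lo, unsigned hi, int cap) {
    return cap < 32 ? (lo >> cap) & 1u : (hi >> (cap - 32)) & 1u;
}

/* Read this thread's effective set with capget(2); this works without /proc,
   which a chroot may not have mounted. Returns 1, 0, or -1 on error. */
static int have_cap_net_raw(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = {{0}};
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    return cap_in_mask(data[0].effective, data[1].effective, CAP_NET_RAW);
}

/* Attempt the call from the post; returns 0 on success, else errno. */
static int try_raw_socket(void) {
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* Map the three observations to a diagnosis (wording is this example's own). */
static const char *diagnose(unsigned euid, int has_cap, int sock_errno) {
    if (sock_errno == 0) return "raw socket opened";
    if (sock_errno != EPERM) return "failed for a non-permission reason";
    if (has_cap < 0) return "EPERM; capability set could not be read";
    if (has_cap == 1) return "EPERM although CAP_NET_RAW is effective";
    if (euid == 0) return "euid 0 but CAP_NET_RAW was dropped";
    return "neither euid 0 privileges nor CAP_NET_RAW";
}

int main(void) {
    unsigned euid = (unsigned)geteuid();
    int has_cap = have_cap_net_raw(), err = try_raw_socket();
    printf("euid=%u CAP_NET_RAW=%d errno=%d\n", euid, has_cap, err);
    printf("diagnosis: %s\n", diagnose(euid, has_cap, err));
    return err ? 1 : 0;
}
```

Run it once as the real root and once inside the setuid & chroot-ed login; a differing CAP_NET_RAW value between the two runs points at the capability set rather than the UID.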