Searched hist:"3 d5013337a7136f8ee099cb27f0c66160dd27c91" (Results 1 – 2 of 2) sorted by relevance
| /freebsd/sys/net/ |
| H A D | if_tuntap.c | diff 3d5013337a7136f8ee099cb27f0c66160dd27c91 Mon Oct 21 16:38:11 CEST 2019 Kyle Evans <kevans@FreeBSD.org> tuntap(4): restrict scope of net.link.tap.user_open slightly
net.link.tap.user_open has historically allowed non-root users to do devfs
cloning and open /dev/tap* nodes based on permissions. Loosen this up to
make it only allow users to do devfs cloning -- we no longer check it in
tunopen.
This allows tap devices to be created that can actually be opened by a user,
rather than swiftly restricting them to root because the magic sysctl has
not been set.
The sysctl has not yet been completely deprecated, because more thought is
needed for how to handle the devfs cloning case. There is not an easy
suitable replacement for the sysctl there, and more care needs to be placed
in determining whether that's OK or not.
PR: 200185
|
| /freebsd/ |
| H A D | UPDATING | diff 3d5013337a7136f8ee099cb27f0c66160dd27c91 Mon Oct 21 16:38:11 CEST 2019 Kyle Evans <kevans@FreeBSD.org> tuntap(4): restrict scope of net.link.tap.user_open slightly
net.link.tap.user_open has historically allowed non-root users to do devfs
cloning and open /dev/tap* nodes based on permissions. Loosen this up to
make it only allow users to do devfs cloning -- we no longer check it in
tunopen.
This allows tap devices to be created that can actually be opened by a user,
rather than swiftly restricting them to root because the magic sysctl has
not been set.
The sysctl has not yet been completely deprecated, because more thought is
needed for how to handle the devfs cloning case. There is not an easy
suitable replacement for the sysctl there, and more care needs to be placed
in determining whether that's OK or not.
PR: 200185
|