Robert Watson wrote:

Perhaps the tapclone privilege check should also check tapuopen, as the open check does?

You mean like this? Haven't tested this, but it feels right (let users create tap/tun interfaces if the user_open sysctl is enabled):-

Index: if_tap.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_tap.c,v
retrieving revision 1.69
diff -u -p -r1.69 if_tap.c
--- if_tap.c    4 Feb 2007 16:32:46 -0000       1.69
+++ if_tap.c    4 Feb 2007 21:48:04 -0000
@@ -340,11 +340,7 @@ tapclone(void *arg, struct ucred *cred,
       if (*dev != NULL)
               return;

-       /*
-        * If tap cloning is enabled, only the superuser can create
-        * an interface.
-        */
-       if (!tapdclone || priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0)
+       if (!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0)
               return;

       unit = 0;
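Review bot: The replacement condition on the `+` line drops the `!tapdclone` test altogether, so tapclone() no longer returns early when cloning is disabled; the removed line returned whenever `tapdclone` was zero, regardless of privilege. If the intent is only to let unprivileged users through when `tapuopen` is set, keep the cloning gate and relax just the privilege half, e.g. `if (!tapdclone || (!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0))`. The hunk also deletes the comment describing the policy without replacing it; a short comment stating that `tapuopen` now bypasses the PRIV_NET_IFCREATE check for interface creation would document the widened access.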
Exit 1



_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
