Tue, Jun 12, 2001 at 10:48:38, gzjyliu ([EMAIL PROTECTED]) wrote about 
"[PATCH] Limited BPF to the specified program": 

> So I can add the following lines to my kernel config file:
> options         BPF_LIMITED
> options         BPF_ALLOWED_DEVID=29696
> options         BPF_ALLOWED_FILEID=439

Another proposition:

(an example)
sysctl -w net.bpf.allowed_users=0,29,133
sysctl -w net.bpf.allowed_groups=0,215,216
sysctl -w net.bpf.per_interface.fxp2.allowed_users=0,222

But the best variant IMHO is not to produce strange hacks against
mainstream development, but to implement (via devfs) interface stream
devices and interface control devices. If anyone wants to set access
rights to an interface, he will set an ACL on /dev/fxp0.stream or similar.

> Bits 0~7 of BPF_ALLOWED_DEVID are the minor number of the device,
> while bits 8~15 are the major number of the device. Probably I
> should make the options like BPF_ALLOWED_DEV_MAJOR and
> BPF_ALLOWED_DEV_MINOR.
> 
> Anyone interested?

Post a URL to a page where anyone can find it and list keywords for it.
If anyone tries to search for it, he will go to google or
freebsd.org->mailing_lists->search and enter proper keywords.
"Manuscripts cannot burn" ([M. Bulgakov])


/netch
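
A small model of how the allow-lists proposed in the reply above could be evaluated, as an added example that is not part of the original message or of any FreeBSD code. The sysctl names and values come from the message; the `bpf_policy` struct, both function names, and the semantics (a per-interface entry replaces the global lists, a malformed list denies access) are assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of one sysctl subtree: ifname is NULL for the
 * global net.bpf.* lists; users/groups are NULL when that list is unset. */
struct bpf_policy { const char *ifname, *users, *groups; };
static const struct bpf_policy example_policy[] = { /* values from the message */
    { NULL,   "0,29,133", "0,215,216" },
    { "fxp2", "0,222",    NULL },
};

/* True if id is in a list like "0,29,133". Sets *bad on any malformed
 * entry so the caller can fail closed on a half-parsed policy. */
static bool id_in_list(const char *list, unsigned long id, bool *bad)
{
    bool found = false;
    for (const char *p = list; *p != '\0'; ) {
        char *end;
        errno = 0;
        unsigned long v = strtoul(p, &end, 10);
        if (*p < '0' || *p > '9' || errno != 0 ||
            (*end != ',' && *end != '\0') || (*end == ',' && end[1] == '\0')) {
            *bad = true;
            return false;
        }
        found = found || v == id;
        p = (*end == ',') ? end + 1 : end;
    }
    return found;
}

/* Assumed semantics: a per-interface entry replaces the global one for
 * that interface; access needs a uid or gid match and a clean parse. */
static bool bpf_open_allowed(const struct bpf_policy *tab, size_t n,
                             const char *ifname, unsigned uid, unsigned gid)
{
    const struct bpf_policy *use = NULL;
    bool bad = false, ok = false;
    for (size_t i = 0; i < n; i++)  /* interface entry wins over global */
        if (tab[i].ifname ? strcmp(tab[i].ifname, ifname) == 0 : use == NULL)
            use = &tab[i];
    if (use == NULL)
        return false;               /* no policy at all: deny */
    if (use->users && id_in_list(use->users, uid, &bad)) ok = true;
    if (use->groups && id_in_list(use->groups, gid, &bad)) ok = true;
    return ok && !bad;
}
```

Under the assumed semantics, uid 29 may open BPF on fxp0 but not on fxp2, because the fxp2 list replaces the global one instead of adding to it.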
