On Tue, 12 Jun 2001, Valentin Nechayev wrote:
> Tue, Jun 12, 2001 at 10:48:38, gzjyliu ([EMAIL PROTECTED]) wrote about
>"[PATCH] Limited BPF to the specified program":
>
> > So I can add the following lines to my kernel config file:
> > options BPF_LIMITED
> > options BPF_ALLOWED_DEVID=29696
> > options BPF_ALLOWED_FILEID=439
>
> Another proposition:
>
> (an example)
> sysctl -w net.bpf.allowed_users=0,29,133
> sysctl -w net.bpf.allowed_groups=0,215,216
> sysctl -w net.bpf.per_interface.fxp2.allowed_users=0,222
>
> But the best variant IMHO is not to produce strange hacks against
> mainstream development, but implement (via devfs) interface stream
> devices and interface control devices. If anyone wants to set access
> rights to interface, he will set ACL to /dev/fxp0.stream or similar.

Or we just add ACL support to devfs, and solve the devd/initial ACL
problem :-). (Ooo, don't I make that sound simple? :-)

Robert N M Watson FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED] NAI Labs, Safeport Network Services