Hi,
On Wed, Aug 22, 2007 at 04:42:54PM -0400, Jeff Dike wrote:
> > I can create devices that are owned by my user account (tunctl -u
> > `whoami` -t tap0) and it works fine. However, if I use group
> > permissions with -g it stops working. In all cases, if I pass -g
> > , the interface is
Hi,
On Wed, Aug 22, 2007 at 04:42:54PM -0400, Jeff Dike wrote:
I can create devices that are owned by my user account (tunctl -u
`whoami` -t tap0) and it works fine. However, if I use group
permissions with -g it stops working. In all cases, if I pass -g
group, the interface is created
> I can create devices that are owned by my user account (tunctl -u
> `whoami` -t tap0) and it works fine. However, if I use group
> permissions with -g it stops working. In all cases, if I pass -g
> , the interface is created correctly but it is unusable as a
> non-root user.
I can't reproduce
I can create devices that are owned by my user account (tunctl -u
`whoami` -t tap0) and it works fine. However, if I use group
permissions with -g it stops working. In all cases, if I pass -g
group, the interface is created correctly but it is unusable as a
non-root user.
I can't reproduce
On Mon, 20 Aug 2007, Rene Herman wrote:
> On 08/19/2007 11:42 PM, Bodo Eggert wrote:
> > The intended [my me] semantics is If the user is not
> > * the allowed user
> > or
> > * member of the allowed group
> > or
> > * cabable of CAP_NET_ADMIN
> > then error out. I'm asuming
>
> There is a
On Mon, 20 Aug 2007, Rene Herman wrote:
On 08/19/2007 11:42 PM, Bodo Eggert wrote:
The intended [my me] semantics is If the user is not
* the allowed user
or
* member of the allowed group
or
* cabable of CAP_NET_ADMIN
then error out. I'm asuming
There is a short description
On 08/19/2007 11:42 PM, Bodo Eggert wrote:
On Sun, 19 Aug 2007, Rene Herman wrote:
On 08/19/2007 06:05 PM, Bodo Eggert wrote:
IMHO the check is broken:
+ if (((tun->owner != -1 &&
+ current->euid != tun->owner) ||
+(tun->group != -1 &&
On Sun, 19 Aug 2007, Rene Herman wrote:
> On 08/19/2007 06:05 PM, Bodo Eggert wrote:
>
> > IMHO the check is broken:
> >
> > + if (((tun->owner != -1 &&
> > + current->euid != tun->owner) ||
> > +(tun->group != -1 &&
> > +
On 08/19/2007 06:05 PM, Bodo Eggert wrote:
IMHO the check is broken:
+ if (((tun->owner != -1 &&
+ current->euid != tun->owner) ||
+(tun->group != -1 &&
+ current->egid != tun->group)) &&
+
Mike Mohr <[EMAIL PROTECTED]> wrote:
(intentionally not snipping much)
> Per the post here:
>
> http://lkml.org/lkml/2007/6/18/228
>
> it appears that the group ownership patch has made it into .23. I am
> using these patches, amongst which the kernel component appears to be
> identical:
>
>
Mike Mohr [EMAIL PROTECTED] wrote:
(intentionally not snipping much)
Per the post here:
http://lkml.org/lkml/2007/6/18/228
it appears that the group ownership patch has made it into .23. I am
using these patches, amongst which the kernel component appears to be
identical:
On 08/19/2007 06:05 PM, Bodo Eggert wrote:
IMHO the check is broken:
+ if (((tun-owner != -1
+ current-euid != tun-owner) ||
+(tun-group != -1
+ current-egid != tun-group))
+
On Sun, 19 Aug 2007, Rene Herman wrote:
On 08/19/2007 06:05 PM, Bodo Eggert wrote:
IMHO the check is broken:
+ if (((tun-owner != -1
+ current-euid != tun-owner) ||
+(tun-group != -1
+ current-egid !=
On 08/19/2007 11:42 PM, Bodo Eggert wrote:
On Sun, 19 Aug 2007, Rene Herman wrote:
On 08/19/2007 06:05 PM, Bodo Eggert wrote:
IMHO the check is broken:
+ if (((tun-owner != -1
+ current-euid != tun-owner) ||
+(tun-group != -1
+
Per the post here:
http://lkml.org/lkml/2007/6/18/228
it appears that the group ownership patch has made it into .23. I am
using these patches, amongst which the kernel component appears to be
identical:
http://sigxcpu.org/unsorted-patches/0001-allow-tun-ownership-by-group.patch
Per the post here:
http://lkml.org/lkml/2007/6/18/228
it appears that the group ownership patch has made it into .23. I am
using these patches, amongst which the kernel component appears to be
identical:
http://sigxcpu.org/unsorted-patches/0001-allow-tun-ownership-by-group.patch
16 matches
Mail list logo