tap(4) should go UP if opened

Bruce M. Simpson bms at FreeBSD.org
Wed Mar 14 13:09:29 UTC 2007


Hi,

Frank Behrens wrote:
> If we have no possibility to mark the interface as UP for the non-root process, the 
> net.link.tap.user_open=1 is useless, because we cannot transmit any packets. With the 
> patch the interface goes UP only when the administrator allowed non-root user access.

The conditional in the second patch is a no-op as the open will be 
forbidden if the user did not have privilege to open the tap. Bringing 
the interface up by default potentially violates POLA, so this should 
not happen by default.

Please try the attached patch, which puts this behaviour under a sysctl.

Thanks,
BMS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tapuponopen.diff
Type: text/x-patch
Size: 1437 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20070314/9b7fc070/tapuponopen.bin

