OSS in jail
markham breitbach
markhamb at corp.ssimicro.com
Mon Dec 7 16:18:08 UTC 2015
This is not a technical problem, and any technical solution will turn
into a giant Rube-Goldberg contraption that will ultimately fail.
Why are you giving out superuser permissions if you wish to restrict the
activities of your users?
The right answer to this is to not give out superuser permission.
-Markham
On 2015-12-06 12:44 PM, Luís Fernando Schultz Xavier da Silveira wrote:
> Hi,
>
> I would like one of my jails to have the ability to play back sound,
> but not to record it. As I understand, sound is played back by writing
> to /dev/dsp and recorded by reading from it. Hence, placing the /dev/dsp
> device (and /dev/dsp[0-9]* devices) in the jail via devfs.rules is not
> a solution since the jail superuser can override permissions on these
> devices and even read from them when they lack read permission.
>
> Is there a way to give a device to a jail in read-only mode?
> If not, is it possible to create a virtual OSS stack and give that to
> the jail?
> How would you solve this problem?
>
> Also, is it possible to give the jail a mixer device that can only read
> mixer settings but not alter them?
>
> Thanks,
> Luís
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list