git: cf678e30ca01 - main - devfs: add bpf example
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 30 Apr 2026 20:38:50 UTC
The branch main has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=cf678e30ca015c93edc8a43aeff58cce3249c3af
commit cf678e30ca015c93edc8a43aeff58cce3249c3af
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2026-04-30 20:35:07 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2026-04-30 20:35:07 +0000
devfs: add bpf example
Add an example for allowing members of the network group to read from
bpf devices. In particular, this allows members of the network group
to monitor traffic without running with root privileges.
Reviewed by: markj, glebius
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D56742
---
sbin/devfs/devfs.conf | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/sbin/devfs/devfs.conf b/sbin/devfs/devfs.conf
index d3430a2fe844..3e010259a280 100644
--- a/sbin/devfs/devfs.conf
+++ b/sbin/devfs/devfs.conf
@@ -40,3 +40,9 @@
# Allow members of group operator to cat things to the speaker
#own speaker root:operator
#perm speaker 0660
+
+# Allow members of group network to read from bpf devices.
+# In particular, this allows all group members to capture all
+# network traffic using tcpdump or wireshark.
+#own bpf root:network
+#perm bpf 0640