tap(4) should go UP if opened
    Bruce M. Simpson
    bms at FreeBSD.org
    Wed Mar 14 13:09:29 UTC 2007

Hi,
Frank Behrens wrote:
> If we have no possibility to mark the interface as UP for the non-root process, the
> net.link.tap.user_open=1 is useless, because we cannot transmit any packets. With the
> patch the interface goes UP only when the administrator allowed non-root user access.
The conditional in the second patch is a no-op as the open will be 
forbidden if the user did not have privilege to open the tap. Bringing 
the interface up by default potentially violates POLA, so this should 
not happen by default.
Please try the attached patch, which puts this behaviour under a sysctl.
Thanks,
BMS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tapuponopen.diff
Type: text/x-patch
Size: 1437 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20070314/9b7fc070/tapuponopen.bin
    
    