OSS in jail
Terje Elde
terje at elde.net
Sun Dec 6 20:19:36 UTC 2015
> On 06 Dec 2015, at 20:57, Luís Fernando Schultz Xavier da Silveira <schultz at ime.usp.br> wrote:
>
> This is the precise problem.
> I need either a stronger form of access control than unix permissions
> or two separate devices for playback and recording.
> Or maybe a separate OSS stack, in the spirit of VIMAGE.
> These options seem unrealistic, but the use case does not seem
> unreasonable, which is why I pose the question.
Although I haven't tested it for devices, it's likely you can solve this by using MAC, and the "file system firewall"; mac_bsdextended
Effectively you can define "firewall rules" for the file system, and thus block reads from the dsp.
Might be a learning curve to get things right though.
Terje
More information about the freebsd-questions
mailing list