-rw-r--r-- | UPDATING | 9 | ||||
-rw-r--r-- | sys/net/if_tuntap.c | 15 |
2 files changed, 11 insertions, 13 deletions
@@ -26,6 +26,15 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 disable the most expensive debugging functionality run
 "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20191021:
+ The net.link.tap.user_open sysctl no longer prevents user opening of
+ already created /dev/tapNN devices. Access is still controlled by
+ node permissions, just like tun devices. The net.link.tap.user_open
+ sysctl is now used only to allow users to perform devfs cloning of
+ tap devices, and the subsequent open may not succeed if the user is not
+ in the appropriate group. This sysctl may be deprecated/removed
+ completely in the future.
+
 20191009:
 mips, powerpc, and sparc64 are no longer built as part of
 universe / tinderbox unless MAKE_OBSOLETE_GCC is defined. If
diff --git a/sys/net/if_tuntap.c b/sys/net/if_tuntap.c
index 3566219f731b..8cefa9d17f90 100644
--- a/sys/net/if_tuntap.c
+++ b/sys/net/if_tuntap.c
@@ -181,7 +181,7 @@ static const char vmnetname[] = "vmnet";
 static MALLOC_DEFINE(M_TUN, tunname, "Tunnel Interface");
 static int tundebug = 0;
 static int tundclone = 1;
-static int tap_allow_uopen = 0; /* allow user open() */
+static int tap_allow_uopen = 0; /* allow user devfs cloning */
 static int tapuponopen = 0; /* IFF_UP on open() */
 static int tapdclone = 1; /* enable devfs cloning */
 
@@ -202,7 +202,7 @@ SYSCTL_INT(_net_link_tun, OID_AUTO, devfs_cloning, CTLFLAG_RWTUN, &tundclone, 0,
 static SYSCTL_NODE(_net_link, OID_AUTO, tap, CTLFLAG_RW, 0,
 "Ethernet tunnel software network interface");
 SYSCTL_INT(_net_link_tap, OID_AUTO, user_open, CTLFLAG_RW, &tap_allow_uopen, 0,
- "Allow user to open /dev/tap (based on node permissions)");
+ "Enable legacy devfs interface creation for all users");
 SYSCTL_INT(_net_link_tap, OID_AUTO, up_on_open, CTLFLAG_RW, &tapuponopen, 0,
 "Bring interface up when /dev/tap is opened");
 SYSCTL_INT(_net_link_tap, OID_AUTO, devfs_cloning, CTLFLAG_RWTUN, &tapdclone, 0,
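Review bot: The new description string on `net.link.tap.user_open` in the `@@ -202,7` hunk, "Enable legacy devfs interface creation for all users", does not say that the knob no longer restricts open() of an existing /dev/tapNN node, which the tunopen() hunk makes true by dropping the `priv_check(td, PRIV_NET_TAP)` branch. A host that kept the default of 0 as its deny control now depends only on devfs node ownership and mode, and the sysctl description is where an administrator running `sysctl -d` would look for that. I would extend the string, e.g. `"Enable legacy devfs interface creation for all users (open of existing nodes is governed by node permissions only)"`, and carry the same remark in the comment on `tap_allow_uopen` in the `@@ -181,7` hunk. Where `tap_allow_uopen` is still consulted, and whether PRIV_NET_TAP is still checked there, lies outside these hunks and is worth confirming.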
@@ -1049,17 +1049,6 @@ tunopen(struct cdev *dev, int flag, int mode, struct thread *td)
 return (error); /* Shouldn't happen */
 }
 
- if ((tunflags & TUN_L2) != 0) {
- /* Restrict? */
- if (tap_allow_uopen == 0) {
- error = priv_check(td, PRIV_NET_TAP);
- if (error != 0) {
- CURVNET_RESTORE();
- return (error);
- }
- }
- }
-
 tp = dev->si_drv1;
 KASSERT(tp != NULL,
 ("si_drv1 should have been initialized at creation"));
|