DragonFly users List (threaded) for 2008-12
Re: vkernel(7) usage and granularity of privileges
:Hello,
:
:the example in vkernel(7) shows how to start a vkernel with bridged
:networking. Unfortunately, this requires starting the whole vkernel as
:root user, since opening a tap(4) device requires superuser privileges.
:Without bridged networking, vkernel runs fine without superuser privileges.
:
:I'm looking for a solution which runs the vkernel as an unprivileged user
:but still allows me to use the bridged tap device. Is there an
:out-of-the-box solution for this in DragonFlyBSD?
:
:regards,
:Andreas

Yup, you sure can. man vknetd. This allows you to set up a
software ether switch with a TAP interface as one of the connections,
and then allow userland (aka a vkernel running as a user) to connect
to the vknetd via a group-accessible unix domain socket.

You can then treat the TAP interface as a local IP space (or even bridge
it if you want). If you treat it as a local IP space you can then use
something like PF to NAT it to the outside world and control the
bandwidth usage.

-Matt
Matthew Dillon
<dillon@backplane.com>
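
In the setup described in the reply above, the group-accessible unix domain socket is the only thing separating unprivileged users from the TAP interface, so its permissions are worth auditing. The following is an added example, not part of the original post or of DragonFly: `audit_socket` and `demo` are hypothetical names, the sockets are constructed in a temporary directory, and the real socket path and group are whatever the local vknetd setup uses.

```python
import os
import socket
import stat
import tempfile

def audit_socket(path, expected_group=None):
    """Return a list of findings for a switch socket; empty means it looks sane."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a unix domain socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    group_rw = stat.S_IRGRP | stat.S_IWGRP
    if mode & stat.S_IRWXO:
        findings.append(f"mode {mode:04o}: accessible to all users, not only the group")
    if (mode & group_rw) != group_rw:
        findings.append(f"mode {mode:04o}: group lacks read/write, members cannot connect")
    if expected_group is not None and st.st_gid != expected_group:
        findings.append(f"gid {st.st_gid} is not the expected gid {expected_group}")
    # A world-writable parent directory without the sticky bit lets any
    # user unlink the socket and bind a replacement in its place.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    pmode = stat.S_IMODE(parent.st_mode)
    if (pmode & stat.S_IWOTH) and not (pmode & stat.S_ISVTX):
        findings.append("parent directory is world-writable without the sticky bit")
    return findings

def demo():
    """Build constructed sockets in a temp dir and audit each one."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("group_only", 0o660), ("world_open", 0o666),
                           ("owner_only", 0o600)):
            p = os.path.join(d, name)
            s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            s.bind(p)            # bind() creates the socket file
            os.chmod(p, mode)    # constructed permissions for the test case
            results[name] = audit_socket(p, expected_group=os.stat(p).st_gid)
            s.close()
        plain = os.path.join(d, "plain")
        open(plain, "w").close()  # regular file, not a socket
        results["plain"] = audit_socket(plain)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```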