DragonFly users List (threaded) for 2008-12
DragonFly BSD

Re: vkernel(7) usage and granularity of privileges


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Sun, 28 Dec 2008 10:25:35 -0800 (PST)

:Hello,
:
:the example in vkernel(7) shows how to start a vkernel with bridged 
:networking. Unfortunately, this requires starting the whole vkernel as 
:root user, since opening a tap(4) device requires superuser privileges. 
:Without bridged networking, vkernel runs fine without superuser privileges.
:
:I'm looking for a solution which runs the vkernel as unprivileged user 
:but still allows me to use the bridged tap device. Is there an 
:out-of-the-box solution for this in DragonFlyBSD?
:
:regards,
:Andreas

    Yup, you sure can.  man vknetd.  This allows you to set up a
    software ether switch with a TAP interface as one of the connections,
    and then allow userland (aka a vkernel running as a user) to connect
    to the vknetd via a group-accessible unix domain socket.

    You can then treat the TAP interface as a local IP space (or even bridge
    it if you want).  If you treat it as a local IP space you can then use
    something like PF to NAT it to the outside world and control the
    bandwidth usage.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>
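
The reply above relies on a group-accessible unix domain socket as the only gate between an unprivileged vkernel user and the switch. The following is an added example, not part of the original post or of DragonFly's tools: a small audit of that gate. The socket path and account name are supplied by the operator, and the specific checks (no access for others, group write present, client not root, client in the socket's group) are assumptions about what a correct setup looks like.

```python
import os
import pwd
import stat


def ids_for_user(name):
    """Look up (uid, set of gids) for a local account name."""
    pw = pwd.getpwnam(name)
    return pw.pw_uid, set(os.getgrouplist(name, pw.pw_gid))


def audit_switch_socket(path, uid, gids):
    """Return findings for a group-gated switch socket; [] means no issue found."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a unix domain socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # Any bit for "other" widens access beyond the intended group.
    if mode & 0o007:
        findings.append(f"mode {mode:04o} grants access to users outside the group")
    # Connecting to a unix socket needs write permission on it.
    if not mode & stat.S_IWGRP:
        findings.append(f"mode {mode:04o} lacks group write, so members cannot connect")
    if uid == 0:
        findings.append("client runs as root; the switch socket exists to avoid that")
    elif uid != st.st_uid and st.st_gid not in gids:
        findings.append(f"uid {uid} is not in the socket's group (gid {st.st_gid})")
    return findings


if __name__ == "__main__":
    import sys
    # Usage: audit.py SOCKET_PATH USERNAME (both chosen by the operator)
    sock_path, user = sys.argv[1], sys.argv[2]
    for line in audit_switch_socket(sock_path, *ids_for_user(user)) or ["ok"]:
        print(line)
```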


