DragonFly users List (threaded) for 2008-12
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: vkernel(7) usage and granularity of privileges
| From: | Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx> |
| Date: | Sun, 28 Dec 2008 10:25:35 -0800 (PST) |
:Hello,
:
:the example in vkernel(7) shows how to start a vkernel with bridged
:networking. Unfortunately, this requires to start the whole vkernel as
:root user, since opening a tap(4) device requires superuser privileges.
:Without bridged networking, vkernel runs fine without superuser privileges.
:
:I'm looking for a solution which runs the vkernel as unprivileged user
:but still allows me to use the bridged tap device. Is there an
:out-of-the-box solution for this in DragonFlyBSD?
:
:regards,
:Andreas
Yup, you sure can. man vknetd. This allows you to set up a
software ether switch with a TAP interface as one of the connections,
and then allow userland (aka a vkernel running as a user) to connect
to the vknetd via a group-accessible unix domain socket.
You can then treat the TAP interface as a local IP space (or even bridge
it if you want). If you treat it as a local IP space you can then use
something like PF to NAT it to the outside world and control the
bandwidth usage.
-Matt
Matthew Dillon
<dillon@backplane.com>
- Follow-Ups:
- Re: vkernel(7) usage and granularity of privileges
- From: Andreas Bartelt <dragonflybsd@bartula.de>
- Re: vkernel(7) usage and granularity of privileges
- References:
- vkernel(7) usage and granularity of privileges
- From: Andreas Bartelt <dragonflybsd@bartula.de>
- vkernel(7) usage and granularity of privileges
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]