Date:	Mon, 02 Feb 2009 23:35:21 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	mjt@....msk.ru
Cc:	netdev@...r.kernel.org, agx@...xcpu.org
Subject: Re: Allow group ownership of TUN/TAP devices.

From: Michael Tokarev <mjt@....msk.ru>
Date: Mon, 02 Feb 2009 17:44:34 +0300

> Michael Tokarev wrote:
> []
> > 2, and this is the main one: How about supplementary groups?
> > 
> > Here I have a valid usage case: a group of testers running various
> > versions of Windows using KVM (kernel virtual machine), 1 at a time,
> > to test some software.  kvm is set up to use bridge with a tap device
> > (there should be a way to connect to the machine).  Anyone on that group
> > has to be able to start/stop the virtual machines.
> > 
> > My first attempt - pretty obvious when I saw -g option of tunctl - is
> > to add group ownership for the tun device and add a supplementary group
> > to each user (their primary group should be different).  But that fails,
> > since the kernel only checks for egid, not any other group ids.
> > 
> > What's the reasoning to not allow supplementary groups and to only check
> > for egid?
> 
> Like this.
> 
> Signed-off-by: Michael Tokarev <mjt@....msk.ru>

Seems reasonable, applied, thanks.
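
The two membership checks discussed in this thread, as an added userspace model that is not part of the original messages and is neither the patch nor kernel code. `struct cred_model`, the three function names and the gids 1001/2000 are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical model of a process's group credentials (not kernel code). */
struct cred_model {
    gid_t egid;           /* effective group */
    const gid_t *groups;  /* supplementary groups */
    size_t ngroups;
};

/* Constructed sample: primary group 1001; group 2000 only supplementary. */
static const gid_t tester_groups[] = { 2000 };
static const struct cred_model tester = { 1001, tester_groups, 1 };

/* Behaviour reported in the thread: only egid is compared. */
static bool may_attach_egid_only(const struct cred_model *c, gid_t dev_gid)
{
    return c->egid == dev_gid;
}

/* Behaviour the thread asks for: egid or any supplementary group matches. */
static bool may_attach_any_group(const struct cred_model *c, gid_t dev_gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == dev_gid)
            return true;
    return c->egid == dev_gid;
}

/* Same check for the calling process: 1 = member, 0 = not, -1 = error. */
static int current_process_in_group(gid_t dev_gid)
{
    int n = getgroups(0, NULL);           /* ask for the list size first */
    gid_t *list = n < 0 ? NULL : calloc((size_t)n + 1, sizeof *list);
    if (!list)
        return -1;
    n = getgroups(n, list);
    struct cred_model me = { getegid(), list, n < 0 ? 0 : (size_t)n };
    int ok = n < 0 ? -1 : (int)may_attach_any_group(&me, dev_gid);
    free(list);
    return ok;
}

int main(void)
{
    return (!may_attach_egid_only(&tester, 2000) && may_attach_any_group(&tester, 2000)
            && current_process_in_group(getegid()) == 1) ? 0 : 1;
}
```

When auditing who can open a group-owned device, the second form means every account that lists the group as supplementary is in scope, not only those with it as primary group.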