[net80211] Add new privileges; restrict what can be done in a jail.
Split the MANAGE privilege into MANAGE, SETMAC and CREATE_VAP.
+ VAP_MANAGE is everything but setting the MAC and creating a VAP.
+ VAP_SETMAC is setting the MAC address of the VAP.
  Typically you wouldn't want the jail to be able to modify this.
+ CREATE_VAP is to create a new VAP. Again, you don't want to be doing
  this in a jail, but this DOES stop being able to run some corner
  cases like Dynamic WDS (DWDS) AP in a jail/vnet. We can figure this
  bit out later.
This allows me to run wpa_supplicant in a jail after transferring
a STA VAP into it. I unfortunately can't currently set the wlan
debugging inside the jail; that would be super useful!
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D25630