Use PEERCRED to obtain the user id of the vmmctl user. This is used to - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	reyk <reyk@openbsd.org>	2015-12-03 13:08:44 +0000
committer	reyk <reyk@openbsd.org>	2015-12-03 13:08:44 +0000
commit	091d9ffec32cd4cc119d9e5556e7da10f8655df1 (patch)
tree	d653790ab716af03bffe6ddf85e5798a977805e1 /sys/netinet/tcp_input.c
parent	accross->across, and tweak wording about interface creation (diff)
download	wireguard-openbsd-091d9ffec32cd4cc119d9e5556e7da10f8655df1.tar.xz wireguard-openbsd-091d9ffec32cd4cc119d9e5556e7da10f8655df1.zip

Use PEERCRED to obtain the user id of the vmmctl user. This is used to

restrict write operations (start/stop/terminate/load) to root for now, but allow others to obtain the status. A more sophisticated model will follow later, but this change prevents non-root users, even if in the wheel group, to start vms and thus to open any files read-writable as disks.

Diffstat (limited to 'sys/netinet/tcp_input.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: