freebsd-nq/sys/net
Kyle Evans 3d5013337a tuntap(4): restrict scope of net.link.tap.user_open slightly
net.link.tap.user_open has historically allowed non-root users to do devfs
cloning and open /dev/tap* nodes based on permissions. Loosen this up to
make it only allow users to do devfs cloning -- we no longer check it in
tunopen.

This allows tap devices to be created that can actually be opened by a user,
rather than swiftly restricting them to root because the magic sysctl has
not been set.

The sysctl has not yet been completely deprecated, because more thought is
needed for how to handle the devfs cloning case. There is not an easy
suitable replacement for the sysctl there, and more care needs to be placed
in determining whether that's OK or not.

PR:		200185
2019-10-21 14:38:11 +00:00
..
altq Reduce the time it takes the kernel to install a new PF config containing a large number of queues 2019-02-11 05:17:31 +00:00
bpf_buffer.c Add an external mbuf buffer type that holds multiple unmapped pages. 2019-06-29 00:48:33 +00:00
bpf_buffer.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
bpf_filter.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
bpf_jitter.c Make UMA and malloc(9) return non-executable memory in most cases. 2018-06-13 17:04:41 +00:00
bpf_jitter.h Make UMA and malloc(9) return non-executable memory in most cases. 2018-06-13 17:04:41 +00:00
bpf_zerocopy.c Change synchonization rules for vm_page reference counting. 2019-09-09 21:32:42 +00:00
bpf_zerocopy.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
bpf.c Add an external mbuf buffer type that holds multiple unmapped pages. 2019-06-29 00:48:33 +00:00
bpf.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
bpfdesc.h Rework locking in BPF code to remove rwlock from fast path. 2019-05-13 13:45:28 +00:00
bridgestp.c bridge: Fix panic if the STP root is removed 2019-03-15 11:21:20 +00:00
bridgestp.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
debugnet_inet.c Implement NetGDB(4) 2019-10-17 21:33:01 +00:00
debugnet_int.h Implement NetGDB(4) 2019-10-17 21:33:01 +00:00
debugnet.c Fix compile issues when building a kernel without the VIMAGE option. 2019-10-19 20:48:53 +00:00
debugnet.h Implement NetGDB(4) 2019-10-17 21:33:01 +00:00
dlt.h Re-apply r190640. 2018-05-31 09:11:21 +00:00
ethernet.h ether: add older ethertype definitions for QinQ 2019-10-17 00:34:53 +00:00
firewire.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ieee8023ad_lacp.c Add kernel-side support for in-kernel TLS. 2019-08-27 00:01:56 +00:00
ieee8023ad_lacp.h Add kernel-side support for in-kernel TLS. 2019-08-27 00:01:56 +00:00
ieee_oui.h Fix a typo in r349969 2019-07-14 03:49:48 +00:00
if_arp.h Improve ARP logging. 2019-03-09 01:12:59 +00:00
if_bridge.c if_bridge(4): Complete bpf auditing of local traffic over the bridge 2019-05-29 01:08:30 +00:00
if_bridgevar.h Allow different bridge types to coexist 2018-05-11 05:00:40 +00:00
if_clone.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_clone.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_dead.c This adds the third step in getting BBR into the tree. BBR and 2019-08-01 14:17:31 +00:00
if_debug.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
if_disc.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_dl.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
if_edsc.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_enc.c New pfil(9) KPI together with newborn pfil API and control utility. 2019-01-31 23:01:03 +00:00
if_enc.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
if_epair.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_ethersubr.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
if_fwsubr.c Improve copy-and-pasted versions of SIOCGIFADDR. 2018-03-27 20:51:49 +00:00
if_gif.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
if_gif.h Add handling for appearing/disappearing of ingress addresses to if_gif(4). 2018-10-21 18:06:15 +00:00
if_gre.c Add GRE-in-UDP encapsulation support as defined in RFC8086. 2019-04-24 09:05:45 +00:00
if_gre.h Add GRE-in-UDP encapsulation support as defined in RFC8086. 2019-04-24 09:05:45 +00:00
if_ipsec.c Allow configuration of several ipsec interfaces with the same tunnel 2018-11-16 14:21:57 +00:00
if_ipsec.h
if_lagg.c Add kernel-side support for in-kernel TLS. 2019-08-27 00:01:56 +00:00
if_lagg.h Select lacp egress ports based on NUMA domain 2019-05-03 14:43:21 +00:00
if_llatbl.c Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_llatbl.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_llc.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
if_loop.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_me.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
if_media.c Finish removing FDDI and tokenring media support. 2018-04-23 21:10:33 +00:00
if_media.h if_media: Add new 2.5G/5G/25G/40G/50G/100G/200G/400G media types 2018-08-22 18:19:56 +00:00
if_mib.c ifnet_byindex_ref() requires network epoch. 2019-10-09 16:21:50 +00:00
if_mib.h
if_pflog.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
if_pfsync.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
if_sppp.h
if_spppfr.c
if_spppsubr.c Don't use if_maddr_rlock() in sppp(4), use epoch(9) directly instead. 2019-10-10 23:54:37 +00:00
if_stf.c Interface output method must be executed in network epoch, so if_addr_rlock() 2019-10-10 23:50:32 +00:00
if_tap.h tap: add support for virtio-net offloads 2019-10-18 21:53:27 +00:00
if_tun.h if_tuntap(4): Add TUNGIFNAME 2019-07-25 22:23:34 +00:00
if_tuntap.c tuntap(4): restrict scope of net.link.tap.user_open slightly 2019-10-21 14:38:11 +00:00
if_types.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
if_var.h Split out a more generic debugnet(4) from netdump(4) 2019-10-17 16:23:03 +00:00
if_vlan_var.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_vlan.c Revert two parts of r353292 that enter epoch when processing vlan capabilities. 2019-10-17 20:18:07 +00:00
if_vxlan.c Allow set MTU more than 1500 bytes. 2019-07-24 16:10:20 +00:00
if_vxlan.h Add support for IPv6 scoped addresses to vxlan 2017-12-30 04:03:53 +00:00
if.c Split out a more generic debugnet(4) from netdump(4) 2019-10-17 16:23:03 +00:00
if.h Add SIOCGIFDOWNREASON. 2019-09-17 18:49:13 +00:00
ifdi_if.m iflib(9): Add support for cloning pseudo interfaces 2018-05-11 20:08:28 +00:00
iflib_clone.c - Remove the unused ifc_link_irq and ifc_mtx_name members of struct iflib_ctx. 2019-05-06 20:56:41 +00:00
iflib_private.h - Replace unused and only ever written to members of public iflib(9) 2019-06-15 11:07:41 +00:00
iflib.c Split out a more generic debugnet(4) from netdump(4) 2019-10-17 16:23:03 +00:00
iflib.h Add IFLIB_SINGLE_IRQ_RX_ONLY. 2019-09-30 15:59:07 +00:00
ifq.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
mp_ring.c - Merge r338254 from cxgbe(4): 2019-05-09 11:34:46 +00:00
mp_ring.h mp_ring: avoid items offset difference between iflib and mp_ring 2019-01-03 23:06:05 +00:00
mppc.h
mppcc.c
mppcd.c
netisr_internal.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
netisr.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
netisr.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
netmap_legacy.h netmap: add support for multiple host rings 2019-03-18 12:22:23 +00:00
netmap_user.h netmap: import changes from upstream (SHA 137f537eae513) 2019-09-01 14:47:41 +00:00
netmap_virt.h netmap: align codebase to the current upstream (760279cfb2730a585) 2018-12-05 11:57:16 +00:00
netmap.h netmap: import changes from upstream (SHA 137f537eae513) 2019-09-01 14:47:41 +00:00
paravirt.h
pfil.c Most Ethernet drivers that potentially can run a pfil(9) hook with 2019-03-10 17:20:09 +00:00
pfil.h Most Ethernet drivers that potentially can run a pfil(9) hook with 2019-03-10 17:20:09 +00:00
pfkeyv2.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
pfvar.h pf :Use counter(9) in pf tables. 2019-03-15 11:08:44 +00:00
ppp_defs.h
radix_mpath.c Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9). 2018-06-16 08:26:23 +00:00
radix_mpath.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
radix.c Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9). 2018-06-16 08:26:23 +00:00
radix.h Fix typo. 2018-06-16 19:21:09 +00:00
raw_cb.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
raw_cb.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
raw_usrreq.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
rndis.h
route_var.h Existense of PCB route caching doesn't allow us to use new fast route 2019-05-08 23:39:24 +00:00
route.c Make rt_getifa_fib() static. 2019-10-18 15:20:24 +00:00
route.h Make rt_getifa_fib() static. 2019-10-18 15:20:24 +00:00
rss_config.c
rss_config.h
rtsock.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
sff8436.h
sff8472.h net: Update SFF-8024 definitions and strings with values from rev 4.6 2019-08-17 00:10:56 +00:00
slcompress.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
slcompress.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
toeplitz.c
toeplitz.h
vnet.c Fix regression issue after r353274: 2019-10-08 11:06:24 +00:00
vnet.h Compile time assert a valid subsystem for all VNET init and uninit functions. 2019-10-07 14:24:59 +00:00