diff options
author | bms <bms@FreeBSD.org> | 2007-02-05 11:29:08 +0000 |
---|---|---|
committer | bms <bms@FreeBSD.org> | 2007-02-05 11:29:08 +0000 |
commit | 94de0f0fd023089743dfde41f9c02d55e6136af2 (patch) | |
tree | 83626f03295042dc5617b8e9b4697ea7275674eb /sys/net/if_tap.c | |
parent | 31c46b8cac1b8cad00f650c04fadea3cc282288c (diff) | |
download | FreeBSD-src-94de0f0fd023089743dfde41f9c02d55e6136af2.zip FreeBSD-src-94de0f0fd023089743dfde41f9c02d55e6136af2.tar.gz |
Fix devfs cloning for non-superusers when net.link.tap.user_open is non-zero.
Note: 'ifconfig tapX create' still requires PRIV_NET_IFCREATE privilege.
Reviewed by: rwatson
Diffstat (limited to 'sys/net/if_tap.c')
-rw-r--r-- | sys/net/if_tap.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/sys/net/if_tap.c b/sys/net/if_tap.c index 9fa10b5..0dcaba0 100644 --- a/sys/net/if_tap.c +++ b/sys/net/if_tap.c @@ -340,11 +340,8 @@ tapclone(void *arg, struct ucred *cred, char *name, int namelen, struct cdev **d if (*dev != NULL) return; - /* - * If tap cloning is enabled, only the superuser can create - * an interface. - */ - if (!tapdclone || priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0) + if (!tapdclone || + (!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0)) return; unit = 0; |