Fix devfs cloning for non-superusers when net.link.tap.user_open is non-zero.

Note: 'ifconfig tapX create' still requires PRIV_NET_IFCREATE privilege. Reviewed by: rwatson
author: bms <bms@FreeBSD.org> 2007-02-05 11:29:08 +0000
committer: bms <bms@FreeBSD.org> 2007-02-05 11:29:08 +0000
commit: 94de0f0fd023089743dfde41f9c02d55e6136af2 (patch)
tree: 83626f03295042dc5617b8e9b4697ea7275674eb /sys/net/if_tap.c
parent: 31c46b8cac1b8cad00f650c04fadea3cc282288c (diff)
download: FreeBSD-src-94de0f0fd023089743dfde41f9c02d55e6136af2.zip
FreeBSD-src-94de0f0fd023089743dfde41f9c02d55e6136af2.tar.gz
1 files changed, 2 insertions, 5 deletions
diff --git a/sys/net/if_tap.c b/sys/net/if_tap.c
index 9fa10b5..0dcaba0 100644
--- a/sys/net/if_tap.c
+++ b/sys/net/if_tap.c
@@ -340,11 +340,8 @@ tapclone(void *arg, struct ucred *cred, char *name, int namelen, struct cdev **d
 	if (*dev != NULL)
 		return;
 
-	/*
-	 * If tap cloning is enabled, only the superuser can create
-	 * an interface.
-	 */
-	if (!tapdclone || priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0)
+	if (!tapdclone ||
+	    (!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0))
 		return;
 
 	unit = 0;
author	bms <bms@FreeBSD.org>	2007-02-05 11:29:08 +0000
committer	bms <bms@FreeBSD.org>	2007-02-05 11:29:08 +0000
commit	94de0f0fd023089743dfde41f9c02d55e6136af2 (patch)
tree	83626f03295042dc5617b8e9b4697ea7275674eb /sys/net/if_tap.c
parent	31c46b8cac1b8cad00f650c04fadea3cc282288c (diff)
download	FreeBSD-src-94de0f0fd023089743dfde41f9c02d55e6136af2.zip FreeBSD-src-94de0f0fd023089743dfde41f9c02d55e6136af2.tar.gz