Date: Thu, 30 Apr 2026 20:38:50 +0000 From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: cf678e30ca01 - main - devfs: add bpf example Message-ID: <69f3bdda.42ea3.7e279350@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=cf678e30ca015c93edc8a43aeff58cce3249c3af commit cf678e30ca015c93edc8a43aeff58cce3249c3af Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2026-04-30 20:35:07 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2026-04-30 20:35:07 +0000 devfs: add bpf example Add an example for allowing members of the network group to read from bpf devices. In particular, this allows members of the network group to monitor traffic without running with root privileges. Reviewed by: markj, glebius Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D56742 --- sbin/devfs/devfs.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sbin/devfs/devfs.conf b/sbin/devfs/devfs.conf index d3430a2fe844..3e010259a280 100644 --- a/sbin/devfs/devfs.conf +++ b/sbin/devfs/devfs.conf @@ -40,3 +40,9 @@ # Allow members of group operator to cat things to the speaker #own speaker root:operator #perm speaker 0660 + +# Allow members of group network to read from bpf devices. +# In particular, this allows all group members to capture all +# network traffic using tcpdump or wireshark. +#own bpf root:network +#perm bpf 0640home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69f3bdda.42ea3.7e279350>