Date: Sun, 6 Dec 2015 21:19:24 +0100
From: Terje Elde <terje@elde.net>
To: Luís Fernando Schultz Xavier da Silveira <schultz@ime.usp.br>
Cc: Anton Sayetsky <vsasjason@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: OSS in jail
Message-ID: <87C55BB9-84B2-43B0-BD7D-2E045753C83C@elde.net>
In-Reply-To: <20151206195709.GA4100@hpmini>
References: <20151206194401.GA3860@hpmini> <CAA2O=b_isQOHepigMgDyDGtOidpbYkLOmvEayCbETfLEbUsDKA@mail.gmail.com> <20151206194851.GA4044@hpmini> <CAA2O=b_o=Jfmg=ny6JDvgeznR_HVpBr%2BBO0anPFDfsUBp_RBKQ@mail.gmail.com> <20151206195709.GA4100@hpmini>

> On 06 Dec 2015, at 20:57, Luís Fernando Schultz Xavier da Silveira <schultz@ime.usp.br> wrote:
>
> This is the precise problem.
> I need either a stronger form of access control than unix permissions
> or two separate devices for playback and recording.
> Or maybe a separate OSS stack, in the spirit of VIMAGE.
> These options seem unrealistic, but the use case does not seem
> unreasonable, which is why I pose the question.

Although I haven't tested it for devices, it's likely you can solve this by using MAC, and the "file system firewall"; mac_bsdextended

Effectively you can define "firewall rules" for the file system, and thus block reads from the dsp.

Might be a learning curve to get things right though.

Terje