Date: Mon, 7 Dec 2015 08:58:31 -0700 From: markham breitbach <markhamb@corp.ssimicro.com> To: freebsd-questions@freebsd.org Subject: Re: OSS in jail Message-ID: <5665ACA7.80104@corp.ssimicro.com> In-Reply-To: <20151206194401.GA3860@hpmini> References: <20151206194401.GA3860@hpmini>
next in thread | previous in thread | raw e-mail | index | archive | help
This is not a technical problem, and any technical solution will turn into a giant Rube-Goldberg contraption that will ultimately fail. Why are you giving out superuser permissions if you wish to restrict the activities of your users? The right answer to this is to not give out superuser permission. -Markham On 2015-12-06 12:44 PM, Luís Fernando Schultz Xavier da Silveira wrote: > Hi, > > I would like one of my jails to have the ability to play back sound, > but not to record it. As I understand, sound is played back by writing > to /dev/dsp and recorded by reading from it. Hence, placing the /dev/dsp > device (and /dev/dsp[0-9]* devices) in the jail via devfs.rules is not > a solution since the jail superuser can override permissions on these > devices and even read from them when they lack read permission. > > Is there a way to give a device to a jail in read-only mode? > If not, is it possible to create a virtual OSS stack and give that to > the jail? > How would you solve this problem? > > Also, is it possible to give the jail a mixer device that can only read > mixer settings but not alter them? > > Thanks, > Luís > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5665ACA7.80104>