Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 6 Dec 2015 21:19:24 +0100
From:      Terje Elde <terje@elde.net>
To:        =?utf-8?Q?Lu=C3=ADs_Fernando_Schultz_Xavier_da_Silveira?= <schultz@ime.usp.br>
Cc:        Anton Sayetsky <vsasjason@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: OSS in jail
Message-ID:  <87C55BB9-84B2-43B0-BD7D-2E045753C83C@elde.net>
In-Reply-To: <20151206195709.GA4100@hpmini>
References:  <20151206194401.GA3860@hpmini> <CAA2O=b_isQOHepigMgDyDGtOidpbYkLOmvEayCbETfLEbUsDKA@mail.gmail.com> <20151206194851.GA4044@hpmini> <CAA2O=b_o=Jfmg=ny6JDvgeznR_HVpBr+BO0anPFDfsUBp_RBKQ@mail.gmail.com> <20151206195709.GA4100@hpmini>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

> On 06 Dec 2015, at 20:57, Lu=C3=ADs Fernando Schultz Xavier da Silveira <s=
chultz@ime.usp.br> wrote:
>=20
> This is the precise problem.
> I need either a stronger form of access control than unix permissions
> or two separate devices for playback and recording.
> Or maybe a separate OSS stack, in the spirit of VIMAGE.
> These options seem unrealistic, but the use case does not seem
> unreasonable, which is why I pose the question.

Although I haven't tested it for devices, it's likely you can solve this by u=
sing MAC, and the "file system firewall"; mac_bsdextended

Effectively you can define "firewall rules" for the file system, and thus bl=
ock reads from the dsp.

Might be a learning curve to get things right though.=20

Terje






Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?87C55BB9-84B2-43B0-BD7D-2E045753C83C>