From: Terje Elde
Date: Sun, 6 Dec 2015 21:19:24 +0100
Subject: Re: OSS in jail
To: Luís Fernando Schultz Xavier da Silveira
Cc: Anton Sayetsky, freebsd-questions@freebsd.org

> On 06 Dec 2015, at 20:57, Luís Fernando Schultz Xavier da Silveira wrote:
>
> This is the precise problem.
> I need either a stronger form of access control than unix permissions
> or two separate devices for playback and recording.
> Or maybe a separate OSS stack, in the spirit of VIMAGE.
> These options seem unrealistic, but the use case does not seem
> unreasonable, which is why I pose the question.

Although I haven't tested it for devices, it's likely you can solve this by using MAC, and the "file system firewall"; mac_bsdextended

Effectively you can define "firewall rules" for the file system, and thus block reads from the dsp.

Might be a learning curve to get things right though.

Terje