Date: Sun, 6 Dec 2015 19:44:56 -0200 From: =?utf-8?B?THXDrXM=?= Fernando Schultz Xavier da Silveira <schultz@ime.usp.br> To: Terje Elde <terje@elde.net> Cc: Anton Sayetsky <vsasjason@gmail.com>, freebsd-questions@freebsd.org Subject: Re: OSS in jail Message-ID: <20151206214455.GA5435@hpmini> In-Reply-To: <87C55BB9-84B2-43B0-BD7D-2E045753C83C@elde.net> References: <20151206194401.GA3860@hpmini> <CAA2O=b_isQOHepigMgDyDGtOidpbYkLOmvEayCbETfLEbUsDKA@mail.gmail.com> <20151206194851.GA4044@hpmini> <CAA2O=b_o=Jfmg=ny6JDvgeznR_HVpBr%2BBO0anPFDfsUBp_RBKQ@mail.gmail.com> <20151206195709.GA4100@hpmini> <87C55BB9-84B2-43B0-BD7D-2E045753C83C@elde.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is very promising. I will give it a shot. Thanks very much. On Sun, Dec 06, 2015 at 09:19:24PM +0100, Terje Elde wrote: > > > On 06 Dec 2015, at 20:57, Luís Fernando Schultz Xavier da Silveira <schultz@ime.usp.br> wrote: > > > > This is the precise problem. > > I need either a stronger form of access control than unix permissions > > or two separate devices for playback and recording. > > Or maybe a separate OSS stack, in the spirit of VIMAGE. > > These options seem unrealistic, but the use case does not seem > > unreasonable, which is why I pose the question. > > Although I haven't tested it for devices, it's likely you can solve this by using MAC, and the "file system firewall"; mac_bsdextended > > Effectively you can define "firewall rules" for the file system, and thus block reads from the dsp. > > Might be a learning curve to get things right though. > > Terje > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151206214455.GA5435>