aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Tuexen <tuexen@FreeBSD.org>2026-04-30 20:35:07 +0000
committerMichael Tuexen <tuexen@FreeBSD.org>2026-04-30 20:35:07 +0000
commitcf678e30ca015c93edc8a43aeff58cce3249c3af (patch)
treee828891d117160859359a1e2b3caf0bb78c00f1d
parentea1764e5fcf0fc11680dc104e663ae3d1d0fd7be (diff)
devfs: add bpf example
Add an example for allowing members of the network group to read from bpf devices. In particular, this allows members of the network group to monitor traffic without running with root privileges. Reviewed by: markj, glebius Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D56742
Diffstat
-rw-r--r--sbin/devfs/devfs.conf6
1 files changed, 6 insertions, 0 deletions
diff --git a/sbin/devfs/devfs.conf b/sbin/devfs/devfs.conf
index d3430a2fe844..3e010259a280 100644
--- a/sbin/devfs/devfs.conf
+++ b/sbin/devfs/devfs.conf
@@ -40,3 +40,9 @@
# Allow members of group operator to cat things to the speaker
#own speaker root:operator
#perm speaker 0660
+
+# Allow members of group network to read from bpf devices.
+# In particular, this allows all group members to capture all
+# network traffic using tcpdump or wireshark.
+#own bpf root:network
+#perm bpf 0640
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-17 12:12:45 +0000