2010/9/12 Lucio De Re:
> It's very, very helpful. I would, and almost certainly will, have
> split the "tunnel" and "openvpn" portions into two scripts (a selector
> of some type might be good enough, but isn't easily justified), because
> I'm sure that they don't overlap quite the way the presen
On Sun, Sep 12, 2010 at 12:27:07PM -0700, Bakul Shah wrote:
>
> On a mac you don't need root perms to open a tap device.
This is sorted out to my satisfaction, thank you.
>
> Here you have two choices:
>
I think I lack some of the terminology to get my mind around all this,
but some experime
On Sun, Sep 12, 2010 at 07:30:05PM +0200, yy wrote:
>
> 2010/9/12 Lucio De Re:
> > My thinking is that 9vx could start up as root
> > [ ... ]
>
> The advantage of the tap device is precisely that it does not need
> root permissions. You need those permissions to manage the devices,
> but that wi
On Sun, 12 Sep 2010 19:30:05 +0200 yy wrote:
> 2010/9/12 Lucio De Re:
> > My thinking is that 9vx could start up as root
> > to install the TAP device (nothing else so far has alerted me to a need
> > for root permissions), then switch user to the selected one (if it exists,
> > "nobody" may be
2010/9/12 Lucio De Re:
> My thinking is that 9vx could start up as root
> to install the TAP device (nothing else so far has alerted me to a need
> for root permissions), then switch user to the selected one (if it exists,
> "nobody" may be needed if there is no equivalent in the host repertoire)
On Sun, Sep 12, 2010 at 9:17 AM, Lucio De Re wrote:
> Back to the question, then: is there any reason why I should not be
> looking into doing this?
I'm kind of a "go ahead and do it" person w.r.t. this, and I certainly
have no ownership of 9vx, so I'd say "why not?" The more the merrier.
orn
Besides the issue of (not) understanding TAP and so having no access to
networking, what struck me while experimenting with a very remarkable 9vx
installation (9vx is impressive, not my installation thereof :-) was that
if you start it as root, you retain root credentials within the sandbox,
irresp