From cf678e30ca015c93edc8a43aeff58cce3249c3af Mon Sep 17 00:00:00 2001 From: Michael Tuexen Date: Thu, 30 Apr 2026 22:35:07 +0200 Subject: [PATCH] devfs: add bpf example Add an example for allowing members of the network group to read from bpf devices. In particular, this allows members of the network group to monitor traffic without running with root privileges. Reviewed by: markj, glebius Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D56742 --- sbin/devfs/devfs.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sbin/devfs/devfs.conf b/sbin/devfs/devfs.conf index d3430a2fe84..3e010259a28 100644 --- a/sbin/devfs/devfs.conf +++ b/sbin/devfs/devfs.conf @@ -40,3 +40,9 @@ # Allow members of group operator to cat things to the speaker #own speaker root:operator #perm speaker 0660 + +# Allow members of group network to read from bpf devices. +# In particular, this allows all group members to capture all +# network traffic using tcpdump or wireshark. +#own bpf root:network +#perm bpf 0640