Set username explicitly

2026-02-07 21:46:39 +00:00 · 2025-12-08 15:38:56 -05:00
parent c604f46065
commit 0e76b77adc
2 changed files with 63 additions and 6 deletions
--- a/clients/permissions/permissions_freebsd.go
+++ b/clients/permissions/permissions_freebsd.go
@@ -0,0 +1,57 @@
+//go:build freebsd
+
+package permissions
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/fosrl/newt/logger"
+)
+
+const (
+	// TUN device on FreeBSD
+	tunDevice = "/dev/tun"
+	ifnamsiz  = 16
+	iffTun    = 0x0001
+	iffNoPi   = 0x1000
+)
+
+// ifReq is the structure for TUN interface configuration
+type ifReq struct {
+	Name  [ifnamsiz]byte
+	Flags uint16
+	_     [22]byte // padding to match kernel structure
+}
+
+// CheckNativeInterfacePermissions checks if the process has sufficient
+// permissions to create a native TUN interface on FreeBSD.
+// This requires root privileges (UID 0).
+func CheckNativeInterfacePermissions() error {
+	logger.Debug("Checking native interface permissions on FreeBSD")
+
+	// Check if running as root
+	if os.Geteuid() == 0 {
+		logger.Debug("Running as root, sufficient permissions for native TUN interface")
+		return nil
+	}
+
+	// On FreeBSD, only root can create TUN interfaces
+	// Try to open the TUN device to verify
+	return tryOpenTunDevice()
+}
+
+// tryOpenTunDevice attempts to open the TUN device to verify permissions.
+// On FreeBSD, /dev/tun is a cloning device that creates a new interface
+// when opened.
+func tryOpenTunDevice() error {
+	// Try opening /dev/tun (cloning device)
+	f, err := os.OpenFile(tunDevice, os.O_RDWR, 0)
+	if err != nil {
+		return fmt.Errorf("cannot open %s: %v (need root privileges)", tunDevice, err)
+	}
+	defer f.Close()
+
+	logger.Debug("Successfully opened TUN device, sufficient permissions for native TUN interface")
+	return nil
+}