1*8b26181fSAndroid Build Coastguard Worker#! /bin/sh 2*8b26181fSAndroid Build Coastguard Worker 3*8b26181fSAndroid Build Coastguard Worker# 4*8b26181fSAndroid Build Coastguard Worker# Unfortunately, macOS's devfs is based on the old FreeBSD 5*8b26181fSAndroid Build Coastguard Worker# one, not the current one, so there's no way to configure it 6*8b26181fSAndroid Build Coastguard Worker# to create BPF devices with particular owners or groups. 7*8b26181fSAndroid Build Coastguard Worker# This startup item will make it owned by the admin group, 8*8b26181fSAndroid Build Coastguard Worker# with permissions rw-rw----, so that anybody in the admin 9*8b26181fSAndroid Build Coastguard Worker# group can use programs that capture or send raw packets. 10*8b26181fSAndroid Build Coastguard Worker# 11*8b26181fSAndroid Build Coastguard Worker# Change this as appropriate for your site, e.g. to make 12*8b26181fSAndroid Build Coastguard Worker# it owned by a particular user without changing the permissions, 13*8b26181fSAndroid Build Coastguard Worker# so only that user and the super-user can capture or send raw 14*8b26181fSAndroid Build Coastguard Worker# packets, or give it the permissions rw-r-----, so that 15*8b26181fSAndroid Build Coastguard Worker# only the super-user can send raw packets but anybody in the 16*8b26181fSAndroid Build Coastguard Worker# admin group can capture packets. 17*8b26181fSAndroid Build Coastguard Worker# 18*8b26181fSAndroid Build Coastguard Workerchgrp admin /dev/bpf* 19*8b26181fSAndroid Build Coastguard Workerchmod g+rw /dev/bpf* 20