User manual
OS X
Running a connection from VAX MP to remote hosts via a NIC is possible with a non-root account. However, use of a TAP connection from VAX MP to the local host or to other virtual machines running on the local host requires running VAX MP as root (via sudo). Therefore, if you intend to make a virtual network connection between VAX MP and the local host, as you likely will, you would have to run VAX MP as root (via sudo) anyway. In this case you can disregard the interface security related guidelines in the set-up instructions below.
OS X comes pre-packaged with libpcap, which VAX MP uses for networking, so no separate installation of libpcap is required. However, libpcap requires read-write access to the devices /dev/bpf*. By default, access to these devices is limited to root only.
If you want to run VAX MP under an account or accounts other than root, you should enable access to the "bpf*" devices for the account that will be used to run VAX MP. Note that bpf devices are re-created each time the system boots, so permissions on them must be adjusted after every reboot, ideally by a script that runs at boot time.
The libpcap site provides such a script and instructions on how to install it:
http://cvs.tcpdump.org/cgi-bin/cvsweb/cvs/libpcap/chmod_bpf?rev=1.1.2.1
http://cvs.tcpdump.org/cgi-bin/cvsweb/cvs/libpcap/README.macosx?rev=1.2
http://cvs.tcpdump.org/cgi-bin/cvsweb/cvs/libpcap/ChmodBPF/ChmodBPF?rev=1.1
http://cvs.tcpdump.org/cgi-bin/cvsweb/cvs/libpcap/ChmodBPF/StartupParameters.plist?rev=1.1
The chmod_bpf script as provided by tcpdump.org assumes that all users running VAX MP (or other SIMH-based simulators with network access) will belong to the group admin. [1]
Instead of making each user who needs to run VAX MP a member of the admin group, it is possible to define a special group that controls access to bpf devices and nothing else, let us say a group named pcaprw. You can create this group using the OS X Server Admin tool or dscl commands. Once the group is created, add all users who need to run VAX MP as members of this group. You can easily check the list of groups a user belongs to with the OS X command:
id username
Now modify file chmod_bpf to set pcaprw as the owning group of bpf devices, instead of admin:
chgrp pcaprw /dev/bpf*
chmod g+rw /dev/bpf*
Execute this file:
sudo /usr/local/bin/chmod_bpf
and ensure device protection is set correctly:
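As an added example (not part of this manual or of the libpcap scripts), the POSIX shell function below audits the device nodes after chmod_bpf has run: each node must be owned by the access group, give that group read-write, and give other users nothing. The function name check_bpf_perms is hypothetical, pcaprw is the group name used above, and the "no access for other users" rule is an added assumption that matches the root-only default.

```shell
#!/bin/sh
# check_bpf_perms GROUP [DEVICE...]   (hypothetical helper, added example)
# Returns 0 only if every device node is owned by GROUP, is group
# read-write, and grants no access to "other". Defaults to /dev/bpf*.
check_bpf_perms() {
    want_group=$1; shift
    [ "$#" -gt 0 ] || set -- /dev/bpf*
    bad=0
    for dev in "$@"; do
        if [ ! -e "$dev" ]; then
            echo "MISSING  $dev"; bad=1; continue
        fi
        # "ls -ld" prints: mode links owner group ... on both OS X and Linux
        line=$(ls -ld "$dev")
        mode=${line%% *}
        grp=$(printf '%s\n' "$line" | awk '{print $4}')
        gperm=$(printf '%s' "$mode" | cut -c5-6)    # group r/w bits
        operm=$(printf '%s' "$mode" | cut -c8-10)   # other r/w/x bits
        if [ "$grp" != "$want_group" ]; then
            echo "BADGROUP $dev (group $grp, expected $want_group)"; bad=1
        elif [ "$gperm" != "rw" ]; then
            echo "NOACCESS $dev (mode $mode: group lacks read-write)"; bad=1
        elif [ "$operm" != "---" ]; then
            echo "EXPOSED  $dev (mode $mode: open to all local users)"; bad=1
        else
            echo "OK       $dev ($mode $grp)"
        fi
    done
    return "$bad"
}

# Audit the real devices only where they exist (i.e. on the Mac itself).
if [ -e /dev/bpf0 ]; then
    check_bpf_perms pcaprw || echo "bpf device permissions need fixing"
fi
```

Because the bpf devices are re-created at boot, the same check is worth running after each reboot to confirm that the startup script took effect.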
[1] It might be tempting to replace it with ACL-based access; unfortunately, OS X devfs does not support ACLs, so access control has to be group-based.