Date: Sat, 07 Mar 2026 06:23:03 +0000 From: Vladlen Popolitov <vladlen@FreeBSD.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org Cc: Kyle Evans <kevans@FreeBSD.org> Subject: git: da1b8e42cf - main - 14.4/relnotes: tweak the entry about child jail tampering Message-ID: <69abc447.19358.eebb710@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by vladlen: URL: https://cgit.FreeBSD.org/doc/commit/?id=da1b8e42cf4ab81c60dcb2e3394a1633ccc63bd8 commit da1b8e42cf4ab81c60dcb2e3394a1633ccc63bd8 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2026-03-07 06:21:24 +0000 Commit: Vladlen Popolitov <vladlen@FreeBSD.org> CommitDate: 2026-03-07 06:21:24 +0000 14.4/relnotes: tweak the entry about child jail tampering Reviewed by: ziaee, vladlen Approved by: ziaee, re (implicit) Differential Revision: https://reviews.freebsd.org/D55675 --- website/content/en/releases/14.4R/relnotes.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/content/en/releases/14.4R/relnotes.adoc b/website/content/en/releases/14.4R/relnotes.adoc index d5fe6721c1..2a6158633b 100644 --- a/website/content/en/releases/14.4R/relnotes.adoc +++ b/website/content/en/releases/14.4R/relnotes.adoc @@ -372,7 +372,9 @@ This section covers changes to kernel configurations, system tuning, and system [[kernel-general]] === General Kernel Changes -The man:jail[8] system now restricts unprivileged users in a parent jail from scheduling, debugging, or signaling processes in subordinate jails by default. New privileges PRIV_SCHED_DIFFJAIL, PRIV_DEBUG_DIFFJAIL, and PRIV_SIGNAL_DIFFJAIL are required for such cross-jail operations. A new jail parameter allow.unprivileged_parent_tampering is introduced for backward compatibility in FreeBSD 14.x, but will be disabled by default in FreeBSD 15.x, affecting development setups that rely on cross-jail process management. +The man:jail[8] system will restrict unprivileged users in a parent jail from scheduling, debugging, or signaling processes in subordinate jails by default in FreeBSD 15.0 and later. +New privileges PRIV_SCHED_DIFFJAIL, PRIV_DEBUG_DIFFJAIL, and PRIV_SIGNAL_DIFFJAIL are required for such cross-jail operations. +A new jail parameter allow.nounprivileged_parent_tampering is introduced in FreeBSD 14.x to enable early adoption of the new behavior, but this will become enabled by default in FreeBSD 15.x, affecting development setups that rely on cross-jail process management. gitref:5c6949e12ee6[repository=src]. The change fixes a race condition in the powerpc context switch code that could cause the system to hang after starting all APs, particularly in qemu-system-ppc64 power9 pseries guests.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69abc447.19358.eebb710>