From: Da Rock
Date: Thu, 14 May 2009 17:46:42 +1000
Subject: Xorg in a Jail... :)
Delivered-To: freebsd-questions@freebsd.org

Probably for the umpteenth time this subject line has shown up :) Why break convention?

I'll start here as my audience might be greater: how is this made possible? I know Alexander Leidinger was working on something, but this isn't compiling on 7.1 atm (kern_jail.c: In function 'prison_priv_check': kern_jail.c:754: error: 'jail_dev_io_access_allowed' undeclared (first use in this function), kern_jail.c: 754: error: (Each undeclared identifier is reported only once for each function it appears in.), kern_jail.c: 761: error: 'jail_dev_io_access_allowed_hostname' undeclared (first use in this function), Error code 1) (Patch failed on hunk 1 of 2 - rev on file is 1.70.2.4.2.1).

More importantly I've read in posts elsewhere that a fb (framebuffer) device is being worked on. Besides this, I'm interested in the security of these methods. From what I've examined (on the system and on the net) only Xorg is using /dev/io and /dev/mem, so I'm wondering whether it might be possible to tighten security more with regard to X AND in doing so make it easier to run X in a jail. I'm guessing that IF Xorg can be configured (manually?) then access to io could be restricted? Then only fb would be needed instead of /dev/mem? I'm only shooting off at the hip here - I'm not entirely up on Xorg runnings... (Docs might be handy? Pointers?)

I'll admit that I might not be in a great position to put this in code (I'm trying to help with a network driver currently - in my spare time :P), I have 2 kids, a couple of businesses (one of which is the wife's), so I'm kinda strapped. But I do have plenty of good ideas, and not enough time for my projects on my list - plus I'm still kinda green on driver writing so it's a slow process. But I'm willing to brainstorm, and definitely test :)

Anyway, I'd like to work with what's out there currently to run X in a jail, but I need to get it to compile first (or set up) so some clarity on how to get this done would be great.

Cheers