Date: Fri, 6 Sep 2013 22:18:26 +0400
From: Gleb Smirnoff
To: Jamie Gritton
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r255316 - head/sys/kern
Message-ID: <20130906181826.GL4574@FreeBSD.org>
In-Reply-To: <201309061732.r86HWTha054904@svn.freebsd.org>

On Fri, Sep 06, 2013 at 05:32:29PM +0000, Jamie Gritton wrote:
J> Author: jamie
J> Date: Fri Sep 6 17:32:29 2013
J> New Revision: 255316
J> URL: http://svnweb.freebsd.org/changeset/base/255316
J>
J> Log:
J> Keep PRIV_KMEM_READ permitted inside jails as it is on the outside.
J>
J> Modified:
J> head/sys/kern/kern_jail.c
J>
J> Modified: head/sys/kern/kern_jail.c
J> ==============================================================================
J> --- head/sys/kern/kern_jail.c Fri Sep 6 17:19:57 2013 (r255315) J> +++ head/sys/kern/kern_jail.c Fri Sep 6 17:32:29 2013 (r255316) J> @@ -3885,6 +3885,13 @@ prison_priv_check(struct ucred *cred, in J> case PRIV_VFS_SETGID: J> case PRIV_VFS_STAT: J> case PRIV_VFS_STICKYFILE: J> + J> + /* J> + * As in the non-jail case, non-root users are expected to be J> + * able to read kernel/phyiscal memory (provided /dev/[k]mem J> + * exists in the jail and they have permission to access it). J> + */ J> + case PRIV_KMEM_READ: J> return (0); J> J> /*

Was that discussed anywhere or reviewed by anyone?

--
Totus tuus, Glebius.
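
Review bot: The new "case PRIV_KMEM_READ:" joins the group that ends in "return (0);" with no condition, so prison_priv_check no longer restricts kernel memory reads inside a jail and the only remaining barrier is the one the comment names: whether /dev/[k]mem exists in the jail and what its file permissions are. The memory behind those devices is kernel/physical memory, not something scoped to the jail, so I would either gate this case on a per-jail allow setting or extend the comment to say which devfs configuration is expected to keep the nodes out of a jail by default. Also, "phyiscal" in the added comment should be "physical", and the log message names no reviewer or discussion, which is worth recording for a change to a privilege check.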