Date: Mon, 08 Aug 2016 21:44:57 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Message-ID: <bug-211580-9824-ssDHaeFS5L@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580

--- Comment #7 from Bjoern A. Zeeb <bz@FreeBSD.org> ---
Created attachment 173424
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=173424&action=edit
Patch to allow per-jail msgbuf access

Move the sysctl priv check from the kernel msgbuf sysctl to kern_priv.c.
This not only allows jails to overrule the global decision but also MAC
possibly.

The global sysctl to allow unpriv read stays and equally works inside jails
(but not per jail). However jails can entirely disable access now (on by
default).

Misses a man page update for allow.read_msgbuf [with allow.noread_msgbuf as
counter-option].

-- 
You are receiving this mail because:
You are the assignee for the bug.