From owner-freebsd-jail@FreeBSD.ORG Fri Oct 9 08:45:37 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4D75E1065672 for ; Fri, 9 Oct 2009 08:45:37 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de [217.11.53.44]) by mx1.freebsd.org (Postfix) with ESMTP id E99958FC25 for ; Fri, 9 Oct 2009 08:45:36 +0000 (UTC) Received: from outgoing.leidinger.net (pD9E2D366.dip.t-dialin.net [217.226.211.102]) by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id B4AC8844021; Fri, 9 Oct 2009 10:45:30 +0200 (CEST) Received: from webmail.leidinger.net (webmail.leidinger.net [192.168.1.102]) by outgoing.leidinger.net (Postfix) with ESMTP id 8114C89F49; Fri, 9 Oct 2009 10:45:27 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=Leidinger.net; s=outgoing-alex; t=1255077927; bh=CpXj45Pf9MU0fnzL0u0jcGVvqrsbCLuLYysj9Mwb4sM=; h=Message-ID:Date:From:To:Cc:Subject:References:In-Reply-To: MIME-Version:Content-Type:Content-Transfer-Encoding; b=b5/HIwoIPJWuRI3lV7o3O5p3FSGkifbb2zwa5KACsFLDfNdmtNt7Y68nsUxCMkcfZ RRRtEE5jusqn2PuEK3BqjjL+wlfyj+FA4lpfqpRLfjI2dt39C3WhdzeLe3mbBnxYeS pMb+vIcJ/a6dlXep8Hp+Zu/MkxRb368067weEYOSeYJbHx1tDGchGJXw0+k148nrvC cRn9Mcvvwfkh+l70N2OArnmGyp9GFyzVHpkaMSEN7nJRzpxKzxw1U4GLFUGUREZ/An TpfYnpY75wFkh30F9W268yfudrto3EkcvtOFKYXSN7AoXOnXjLRzPFwzVubeNX8VHl bE1VcgJkErZvQ== Received: (from www@localhost) by webmail.leidinger.net (8.14.3/8.13.8/Submit) id n998jRo8048353; Fri, 9 Oct 2009 10:45:27 +0200 (CEST) (envelope-from Alexander@Leidinger.net) Received: from pslux.cec.eu.int (pslux.cec.eu.int [158.169.9.14]) by webmail.leidinger.net (Horde Framework) with HTTP; Fri, 09 Oct 2009 10:45:26 +0200 Message-ID: <20091009104526.12875uad5sybsao0@webmail.leidinger.net> X-Priority: 3 (Normal) Date: Fri, 09 Oct 2009 10:45:26 +0200 From: Alexander Leidinger To: hulibyaka hulibyaka References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.3.5) / FreeBSD-8.0 X-EBL-MailScanner-Information: Please contact the ISP for more information X-EBL-MailScanner-ID: B4AC8844021.8C487 X-EBL-MailScanner: Found to be clean X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN, SpamAssassin (not cached, score=-1.44, required 6, autolearn=disabled, ALL_TRUSTED -1.44, DKIM_SIGNED 0.00, DKIM_VERIFIED -0.00) X-EBL-MailScanner-From: alexander@leidinger.net X-EBL-MailScanner-Watermark: 1255682731.2381@/5ASa5A7bD4l1zCae9XCaA X-EBL-Spam-Status: No Cc: freebsd-jail@freebsd.org Subject: Re: xorg in jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Oct 2009 08:45:37 -0000 Quoting hulibyaka hulibyaka (from Thu, 8 Oct 2009 22:01:23 +0400): > What the difference for restriction on /dev/io between chroot and > jail? How can i get all needed by xinit privileges on /dev/io within > jail ? There are additional access restrictions in the kernel when run in a jail. You need http://www.leidinger.net/FreeBSD/current-patches/jail.diff and you need to rebuild the kernel and the world. After that you need to add jail_JAILID_startparams="allow.dev_io_access" for your jail startup. Bye, Alexander. -- Pie are not square. Pie are round. Cornbread are square. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137