Date:      Wed, 29 Jan 2014 06:49:01 -0700
From:      James Gritton <jamie@freebsd.org>
To:        Gleb Smirnoff <glebius@FreeBSD.org>, netchild@FreeBSD.org
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
Message-ID:  <52E906CD.9050202@freebsd.org>
In-Reply-To: <20140129134344.GW66160@FreeBSD.org>
References:  <201401291341.s0TDfDcB068211@svn.freebsd.org> <20140129134344.GW66160@FreeBSD.org>

It does.  I included a warning in jail.8 that this will pretty much
undo jail security.  There are still reasons some may want to do this,
but it's definitely not for everyone or even most people.

- Jamie

On 1/29/2014 6:43 AM, Gleb Smirnoff wrote:
> On Wed, Jan 29, 2014 at 01:41:13PM +0000, Jamie Gritton wrote:
> J> Author: jamie
> J> Date: Wed Jan 29 13:41:13 2014
> J> New Revision: 261266
> J> URL: http://svnweb.freebsd.org/changeset/base/261266
> J>
> J> Log:
> J>   Add a jail parameter, allow.kmem, which lets jailed processes access
> J>   /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE).
> J>   This in conjunction with changing the drm driver's permission check from
> J>   PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server.
> J>
> J>   Submitted by:	netchild
>
> Doesn't this allow one to easily unjail oneself? :)
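
An added example, not part of this thread or of the FreeBSD source: a small audit that flags running jails with the `allow.kmem` parameter from the commit log enabled. It assumes `jls -n` prints boolean parameters as bare names, with a `no` prefix on the last component when disabled; the sample output and jail names are constructed.

```python
import shlex

# Constructed `jls -n` output, one line per jail (not captured from a real host).
SAMPLE_JLS = """\
devfs_ruleset=4 enforce_statfs=2 host.hostname=web.example.org jid=1 name=web path=/jails/web nodying allow.nokmem allow.nomount allow.set_hostname
devfs_ruleset=5 enforce_statfs=1 host.hostname="x desktop" jid=2 name=xorg path=/jails/xorg nodying allow.kmem allow.nomount allow.set_hostname
"""


def parse_jail_line(line):
    """Turn one `jls -n` line into {parameter: value}; booleans become True/False."""
    params = {}
    for token in shlex.split(line):  # shlex keeps quoted values with spaces intact
        if "=" in token:
            key, value = token.split("=", 1)
            params[key] = value
            continue
        # Boolean parameter: "allow.kmem" is on, "allow.nokmem" is off.
        # Assumption: no boolean parameter's own name starts with "no".
        head, dot, leaf = token.rpartition(".")
        if leaf.startswith("no"):
            params[head + dot + leaf[2:]] = False
        else:
            params[token] = True
    return params


def find_kmem_jails(jls_output):
    """Return the names (or jids) of jails that have allow.kmem enabled."""
    flagged = []
    for line in jls_output.splitlines():
        if not line.strip():
            continue
        params = parse_jail_line(line)
        if params.get("allow.kmem") is True:
            flagged.append(params.get("name", params.get("jid", "?")))
    return flagged


if __name__ == "__main__":
    for name in find_kmem_jails(SAMPLE_JLS):
        print(f"{name}: allow.kmem is set "
              "(PRIV_IO and PRIV_KMEM_WRITE granted inside the jail)")
```

On a live host, the output of `jls -n` can be passed to `find_kmem_jails()` in place of the constructed sample.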


