Date: Wed, 29 Jan 2014 06:49:01 -0700
From: James Gritton <jamie@freebsd.org>
To: Gleb Smirnoff <glebius@FreeBSD.org>, netchild@FreeBSD.org
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
Message-ID: <52E906CD.9050202@freebsd.org>
In-Reply-To: <20140129134344.GW66160@FreeBSD.org>
References: <201401291341.s0TDfDcB068211@svn.freebsd.org> <20140129134344.GW66160@FreeBSD.org>

It does. I included a warning in jail.8 that this will pretty much undo
jail security. There are still reasons some may want to do this, but
it's definitely not for everyone or even most people.

- Jamie

On 1/29/2014 6:43 AM, Gleb Smirnoff wrote:
> On Wed, Jan 29, 2014 at 01:41:13PM +0000, Jamie Gritton wrote:
> J> Author: jamie
> J> Date: Wed Jan 29 13:41:13 2014
> J> New Revision: 261266
> J> URL: http://svnweb.freebsd.org/changeset/base/261266
> J>
> J> Log:
> J>   Add a jail parameter, allow.kmem, which lets jailed processes access
> J>   /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE).
> J>   This in conjunction with changing the drm driver's permission check from
> J>   PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server.
> J>
> J>   Submitted by: netchild
>
> Doesn't this allow to easily unjail self? :)