From owner-freebsd-hackers@FreeBSD.ORG  Wed Mar 12 03:19:48 2014
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 49A3BFA6;
 Wed, 12 Mar 2014 03:19:48 +0000 (UTC)
Received: from mail-pa0-x236.google.com (mail-pa0-x236.google.com
 [IPv6:2607:f8b0:400e:c03::236])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 173A09C5;
 Wed, 12 Mar 2014 03:19:48 +0000 (UTC)
Received: by mail-pa0-f54.google.com with SMTP id lf10so458551pab.41
 for <multiple recipients>; Tue, 11 Mar 2014 20:19:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=74mfxOUO+Bka82Q63EAE3NrNVZGr5ZP106Xqb1YZSI8=;
 b=tLHv6Fjwkg6fAwzJLjlFvQqDPRh2q/IcwwCpJ2MLCIgwQfzrCM2Ov+R2mOXYWEDA4A
 mMPISFsmF78Hhw3ifUe82flH+T4IQLKR/Bj5MbyhTUYNCkyA0Cxel2rpRW2zlLpMQukN
 fcV0vPG71Csto62jll6dAIRP9sb8xEWO+ykMxOl1UKSozzb0Qe00M01yySMjhP4u+sTC
 VEadHkCeuD5gHh4R95j966Pjwc2WRNBIKiVUBDazEI9+CzOHRl90H09XD31j/KcLr5u2
 cqqD7Bwj1/tInMlE/XS32SG3yLzB7Mk3omX2j92Z+ZGfH+ly2VQoV9Ry/u7KYWRYe6QD
 r20Q==
MIME-Version: 1.0
X-Received: by 10.66.139.169 with SMTP id qz9mr2026317pab.16.1394594387651;
 Tue, 11 Mar 2014 20:19:47 -0700 (PDT)
Received: by 10.70.8.34 with HTTP; Tue, 11 Mar 2014 20:19:47 -0700 (PDT)
In-Reply-To: <CAFHbX1JUzM+N9Zx=eCQdejvz1jAWcXNHepB2=5ZRuunu1gAG6g@mail.gmail.com>
References: <CAFHbX1JUzM+N9Zx=eCQdejvz1jAWcXNHepB2=5ZRuunu1gAG6g@mail.gmail.com>
Date: Wed, 12 Mar 2014 07:19:47 +0400
Message-ID: <CAFt_eMoJ+jazxga+sppyjtivT1gZc3=+V9eYAoiHe18JOHAdCQ@mail.gmail.com>
Subject: Re: [PATCH] Xorg in a jail
From: Subbsd <subbsd@gmail.com>
To: Tom Evans <tevans.uk@googlemail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>,
 "freebsd-x11@freebsd.org" <freebsd-x11@freebsd.org>,
 Jamie Gritton <jamie@freebsd.org>,
 Alexander Leidinger <Alexander@leidinger.net>
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Mar 2014 03:19:48 -0000

Hello, maillist


On Sun, Mar 9, 2014 at 5:26 AM, Tom Evans <tevans.uk@googlemail.com> wrote:
> I'm not sure I did the jail allow parameters right, but it works for
> me - I would appreciate someone more competent taking a look! Also,
> dev_io_access should probably be renamed or using it to control access
> to /dev/mem split out from it? Also, is the style right? vim: noet
> sw=8 ts=8 is what I was using.
>
> Cheers
>
> Tom
>
> PS: I haven't tested any input devices yet with this, let me know!

I've tested this patch on FreeBSD 11 + fluxbox jail and it works perfectly.

Nvidia require in devfs.rules next rule:
--
add path 'nvidia*' unhide
--

also i had to add
--
add path sysmouse unhide
--

due to a have
--
Section "ServerFlags"
    Option         "AutoAddDevices" "off"
EndSection
--

in my xorg.conf for independence of hald.

Despite violation of idea of safety of jail, it is very good feature
for private purposes/X-jails.

If it never is in basic system where it is possible to look for the
last actual version of a patch?