Date:      Tue, 11 Mar 2014 09:42:02 +0000
From:      Tom Evans <tevans.uk@googlemail.com>
To:        Alexander Leidinger <Alexander@leidinger.net>
Cc:        "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, "freebsd-x11@freebsd.org" <freebsd-x11@freebsd.org>, jamie@freebsd.org
Subject:   Re: [PATCH] Xorg in a jail
Message-ID:  <CAFHbX1LovZKiJU7-sO21nPWikT4n0ZPjeRjoZNMtp=6Lc4cd5A@mail.gmail.com>
In-Reply-To: <20140309190802.00006452@unknown>
References:  <CAFHbX1JUzM%2BN9Zx=eCQdejvz1jAWcXNHepB2=5ZRuunu1gAG6g@mail.gmail.com> <20140309190802.00006452@unknown>

On Sun, Mar 9, 2014 at 6:08 PM, Alexander Leidinger
<Alexander@leidinger.net> wrote:
> Seems you have an old one. Attached is what I was sending to jamie not
> long ago (but this is not in the FreeBSD tree due to the conclusion that
> such a huge impact on the security part should not be a simple allow.xxx
> switch).

Yes, I can't actually find it from this computer, but it was a patch
on your site. This newer patch you shared (thanks!) is much simpler
and more correct.

> Do NOT use the sysctls in this patch, they allow all jails to access the
> devices, if the devfs rules are appropriate. The attached patch doesn't
> have them anymore.
>
> I had them in in the first implementation, then jamie introduced the
> allow.XXX and I transitioned to this but forgot to remove the sysctls
> after migrating my jail. I removed them recently before sending the
> patch to jamie after his kmem change.

Right! I really wasn't sure what I was doing at that point, cargo cult
programming until it worked.

Thanks to you and Jamie for your hints.

Cheers

Tom


