From owner-freebsd-jail@FreeBSD.ORG Sun Oct 11 15:35:43 2009
Date: Sun, 11 Oct 2009 17:35:33 +0200
From: Alexander Leidinger
To: Kevin Smith
Cc: freebsd-jail@freebsd.org
Subject: Re: xorg in jail
Message-ID: <20091011173533.000018be@unknown>

On Sat, 10 Oct 2009 10:14:26 +0200 Kevin Smith wrote:

> Does this patch fix vnc server start error also ?

I don't know. The patch allows access to /dev/io. Normally this is not
possible, even if /dev/io is visible in the jail, as the kernel
disallows all access to it from a jail.

> When I try to run tightvncserver in a jail it says:
>
> A VNC server is already running as :0

I wouldn't expect that a VNC server needs access to /dev/io, so I would
be surprised if this would help.

> even if there is no vnc server running.

You could start it via "ktrace -i tightvncserver" and when it aborted
you can have a look with kdump|less what it tries to do.

Bye,
Alexander.

> Thank you,
> regards
>
> On Oct 9, 2009, at 10:45 AM, Alexander Leidinger wrote:
>
> > Quoting hulibyaka hulibyaka (from Thu, 8 Oct 2009 22:01:23 +0400):
> >
> >> What the difference for restriction on /dev/io between chroot and
> >> jail? How can I get all needed by xinit privileges on /dev/io
> >> within jail ?
> >
> > There are additional access restrictions in the kernel when run in
> > a jail. You need
> > http://www.leidinger.net/FreeBSD/current-patches/jail.diff
> > and you need to rebuild the kernel and the world.
> >
> > After that you need to add
> > jail_JAILID_startparams="allow.dev_io_access" for your jail startup.
> >
> > Bye,
> > Alexander.
> >
> > --
> > Pie are not square. Pie are round. Cornbread are square.
> >
> > http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
> > http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
>
> --
> Kevin
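
Added example, not part of the original message: a small filter for the ktrace/kdump step suggested above, listing only the system calls that failed instead of paging through the whole trace. The function names and the sample trace lines (PIDs, paths, errno values) are constructed for illustration and say nothing about the actual cause of the VNC error.

```shell
#!/bin/sh
# Capture inside the jail first (commands from the message above):
#   ktrace -i tightvncserver     # writes ktrace.out; -i also traces children
#   kdump | failed_syscalls      # instead of reading all of kdump | less

# failed_syscalls (hypothetical helper): read kdump text on stdin and print
# one line per system call that returned -1, with its errno and the last
# path looked up for that call. State is kept per PID because "ktrace -i"
# interleaves parent and child processes in one trace.
# Assumes command names and paths contain no whitespace.
failed_syscalls() {
    awk '
        $3 == "CALL" { path[$1] = "-" }               # new call: forget old path
        $3 == "NAMI" { p = $4; gsub(/"/, "", p); path[$1] = p }
        $3 == "RET" && $5 == "-1" && $6 == "errno" {
            msg = ""
            for (i = 8; i <= NF; i++) msg = msg (i > 8 ? " " : "") $i
            if (!($1 in path)) path[$1] = "-"
            printf "%s %s errno=%s path=%s (%s)\n", $1, $4, $7, path[$1], msg
        }
    '
}

# Constructed kdump-style lines, embedded so the filter can be tried offline.
sample_kdump() {
    cat <<'EOF'
  4711 perl     CALL  open(0x801a3c0,0,0)
  4711 perl     NAMI  "/tmp/.X0-lock"
  4712 Xvnc     CALL  open(0x8005d1,0x2,0)
  4711 perl     RET   open -1 errno 2 No such file or directory
  4712 Xvnc     NAMI  "/tmp/.X11-unix/X0"
  4711 perl     CALL  getpid
  4711 perl     RET   getpid 4711/0x1267
  4712 Xvnc     RET   open -1 errno 13 Permission denied
  4712 Xvnc     CALL  close(0x9)
  4712 Xvnc     RET   close -1 errno 9 Bad file descriptor
EOF
}

sample_kdump | failed_syscalls
```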