Date:      Thu, 14 May 2009 17:46:42 +1000
From:      Da Rock <freebsd-questions@herveybayaustralia.com.au>
To:        <freebsd-questions@freebsd.org>
Subject:   Xorg in a Jail... :)
Message-ID:  <50609.1242287202@herveybayaustralia.com.au>

Probably for the umpteenth time this subject line has shown up :) Why break convention?

I'll start here as my audience might be greater: how is this made possible? I know Alexander Leidinger was working on something, but this isn't compiling on 7.1 atm (kern_jail.c: In function 'prison_priv_check': kern_jail.c:754: error: 'jail_dev_io_access_allowed' undeclared (first use in this function), kern_jail.c: 754: error: (Each undeclared identifier is reported only once for each function it appears in.), kern_jail.c: 761: error: 'jail_dev_io_access_allowed_hostname' undeclared (first use in this function), Error code 1) (Patch failed on hunk 1 of 2 -  rev on file is 1.70.2.4.2.1).

More importantly I've read in posts elsewhere that a fb (framebuffer) device is being worked on. Besides this, I'm interested in the security of these methods. From what I've examined (on the system and on the net) only Xorg is using /dev/io and /dev/mem, so I'm wondering whether it might be possible to tighten security more with regards to X AND in doing so make it easier to run X in a jail. I'm guessing that IF Xorg can be configured (manually?) then access to io could be restricted? Then only fb would be needed instead of /dev/mem? I'm only shooting off at the hip here- I'm not entirely up on Xorg runnings... (Docs might be handy? Pointers?)

I'll admit that I might not be in a great position to put this in code (I'm trying to help with a network driver currently- in my spare time :P), I have 2 kids, a couple of businesses (one of which is the wife's), so I'm kinda strapped. But I do have plenty of good ideas, and not enough time for my projects on my list- plus I'm still kinda green on driver writing so it's a slow process. But I'm willing to brainstorm, and definitely test :)

Anyway, I'd like to work with what's out there currently to run X in a jail, but I need to get it to compile first (or set up) so some clarity on how to get this done would be great.

Cheers