From owner-svn-src-head@freebsd.org Sat Oct 21 19:29:34 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ACE70E37E2D; Sat, 21 Oct 2017 19:29:34 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from mx1.scaleengine.net (mx1.scaleengine.net [209.51.186.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 86CC667A5F; Sat, 21 Oct 2017 19:29:34 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from [10.1.1.2] (unknown [209.51.186.28]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id E8DDA13023; Sat, 21 Oct 2017 19:29:32 +0000 (UTC) Subject: Re: svn commit: r318751 - in head/sys: kern sys To: Steve Wills , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org References: <201705231659.v4NGxOB8013882@repo.freebsd.org> From: Allan Jude Message-ID: Date: Sat, 21 Oct 2017 15:29:28 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <201705231659.v4NGxOB8013882@repo.freebsd.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="PQgM5TCpTanP0vUaA5Ipij1vCTKhkeqTB" X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Oct 2017 19:29:34 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --PQgM5TCpTanP0vUaA5Ipij1vCTKhkeqTB Content-Type: multipart/mixed; boundary="unnuTAAAXVjLnG1k4kEwmILShSJFFK4KC"; protected-headers="v1" From: Allan Jude To: Steve Wills , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Message-ID: Subject: Re: svn commit: r318751 - in head/sys: kern sys References: <201705231659.v4NGxOB8013882@repo.freebsd.org> In-Reply-To: <201705231659.v4NGxOB8013882@repo.freebsd.org> --unnuTAAAXVjLnG1k4kEwmILShSJFFK4KC Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2017-05-23 12:59, Steve Wills wrote: > Author: swills (ports committer) > Date: Tue May 23 16:59:24 2017 > New Revision: 318751 > URL: https://svnweb.freebsd.org/changeset/base/318751 >=20 > Log: > Add security.bsd.see_jail_proc > =20 > Add security.bsd.see_jail_proc sysctl to hide jail processes from non= -root > users > =20 > Reviewed by: jamie > Approved by: allanjude > Relnotes: yes > Differential Revision: https://reviews.freebsd.org/D10770 >=20 I user was asking about this issue on IRC today. I think I have changed my mind a bit. I think we should make the default be off (so you can't see processes in a jail from the host) by default in 12. And that we should MFC this sysctl to stable/11, but not change the default behaviour there. Anyone else have thoughts? --=20 Allan Jude --unnuTAAAXVjLnG1k4kEwmILShSJFFK4KC-- --PQgM5TCpTanP0vUaA5Ipij1vCTKhkeqTB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJZ66AbAAoJEBmVNT4SmAt+2D4QANZ2Iw5lUqNO9ekgt60kHbVU WHHjBm3Ef3DGSRB4n9trqjSxYvpleaVRaWU/53ns7mah4OqIIhmw/qRQUZaNVkgT 2JF4imxcTqsy3MEtpg9BW/DDJ9XmVmQaKNRFe7TXfhL4P4m4v+Gi8BEVzoRr3Uiu 7xTLzGEGGs9OYANtrtzdx6qMo47DtUeIpsmK5crAezgAU4kBbAnPJv8S5vXUHj22 Avylv3Za0K0ffFs+6+RkENjqgrK1vkWpAymPzMpZv/EPvQ+30FLGxg8DwmIC5huB HOQXoXCGHJ3l6a3N9VelQ3vOaTigm4R9Zsl6NLpqzD1MRffnKguGkcuWGHlarY8c GTLSHYkBvkWwJAhJnMQ5P0l+QgavAh4NnaDCS9Z1H7FXrEifXOqppd+EVuONYB1V cokRWjT4eX2dPkn3YesS/Gfabz4O3wSLeXBFVd/oPJeLyLQ8/rlVB+eX1+6wlg4P oF/mIHfpSs+5VVqmIL6a76jVLDzW1V44qyyTbe7ymS/FqnlAfLEM4ZCp7CFhnCb+ RmB5ypIJbNHLz3zVvZENhfOdTPZnBnBhpFT1U4HNOfAEtR7Nyb/uOr+NZz2B0+if zq6QNgTiZSUV+rMHyQgH94wKevElFzNjF5SnNHVNffUtYzclh2lPbMZa75CFPJf9 tFgT5HwKjkWtYcOgS84m =CUxj -----END PGP SIGNATURE----- --PQgM5TCpTanP0vUaA5Ipij1vCTKhkeqTB--