Date: Wed, 17 Oct 2018 16:12:14 +0000 From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 211580] deny system message buffer access from jails Message-ID: <bug-211580-29815-3VIDieaiyb@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-211580-29815@https.bugs.freebsd.org/bugzilla/> References: <bug-211580-29815@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580 --- Comment #21 from commit-hook@freebsd.org --- A commit references this bug: Author: jamie Date: Wed Oct 17 16:11:44 UTC 2018 New revision: 339409 URL: https://svnweb.freebsd.org/changeset/base/339409 Log: Add a new jail permission, allow.read_msgbuf. When true, jailed processes can see the dmesg buffer (this is the current behavior). When false (the new default), dmesg will be unavailable to jailed users, whether root or not. The security.bsd.unprivileged_read_msgbuf sysctl still works as before, controlling system-wide whether non-root users can see the buffer. PR: 211580 Submitted by: bz Approved by: re@ (kib@) MFC after: 3 days Changes: head/sys/kern/kern_jail.c head/sys/kern/kern_priv.c head/sys/kern/subr_prf.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211580-29815-3VIDieaiyb>