From: Fbsd8
Date: Mon, 12 May 2014 16:39:33 -0400
To: Tom Evans
Cc: "freebsd-x11@freebsd.org"
Subject: Re: [HEADS UP] WITH_NEW_XORG is now the default on FreeBSD 10 and 9 stable

Tom Evans wrote:
> On Mon, May 12, 2014 at 8:40 PM, Fbsd8 wrote:
>> I know about this patch. I gave it to the guy who maintains jail(8) to be
>> added as allow_xorg back in 9.1. After a year-long review it was rejected by
>> the core security team as it completely breaks jail security. xorg uses the
>> kernel to communicate with the host's console.
>
> Might have been worth mentioning that at the start.
>
>> From that news release, sounded like the new xorg uses a different method to
>> communicate with the host's console. Is my understanding correct?
>
> No.
>
>> Now using vt(9) with the new xorg may be the answer to running xorg in a
>> jail.
>
> No it isn't - the patch that allows xorg to access kmem and to give
> access to the drm devices is the answer to running xorg in a jail.

We already know that patch has been rejected as a security breach, so
it's not a solution.

So back to the new vt: can it be expanded and used to change the way
xorg talks to the host console?

Are the upstream xorg project people aware of xorg not working in a jail?

Is there something in the xorg port that can be changed in some way to
make it work in a jail?

Looking for options here. Have any ideas on how to get xorg in a jail?

>
>> Is there any way to get vt installed on 10.0-RELEASE without going to
>> current?
>
> Yes, recompile with this in your kernel config:
>
> nodevice vga
> nodevice sc
> device vt
> device vt_vga
>
> Cheers
>
> Tom
>