Date: Sat, 13 Oct 2018 23:17:59 +0000 From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 211580] deny system message buffer access from jails Message-ID: <bug-211580-29815-REAPoc2F1b@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-211580-29815@https.bugs.freebsd.org/bugzilla/> References: <bug-211580-29815@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580 Jamie Gritton <jamie@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Open --- Comment #15 from Jamie Gritton <jamie@FreeBSD.org> --- (In reply to Joe Barbish from comment #13) > "security.bsd.unprivileged_read_msgbuf" MIB should be implemented in the = same manner as that used for "allow.raw_sockets". The default being not all= owed. I'm worried about making allow.read_msgbuf default to not allowed, for the reason that current behavior wouldn't be preserved. A jail without a particular option should generally behave the same as an older jail when the option didn't exist. There may be exceptions to this, but I don't see it h= ere. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211580-29815-REAPoc2F1b>