Date: Mon, 12 May 2014 16:39:33 -0400 From: Fbsd8 <fbsd8@a1poweruser.com> To: Tom Evans <tevans.uk@googlemail.com> Cc: "freebsd-x11@freebsd.org" <freebsd-x11@freebsd.org> Subject: Re: [HEADS UP] WITH_NEW_XORG is now the default on FreeBSD 10 and 9 stable Message-ID: <53713185.208@a1poweruser.com> In-Reply-To: <CAFHbX1%2BnN1JHJvL=c13g0S1DJhbG_=xhf1ZZgXRYkGDiXc1X=A@mail.gmail.com> References: <201404161828.s3GISoA3071853@svn.freebsd.org> <534ECCE7.7050204@freebsd.org> <5370F453.3000602@a1poweruser.com> <53710066.7080407@daemonic.se> <CAFHbX1K84pKJx9B5gprNuAMBV4s-_u7OkWRTyUjm=y3C-4gMgA@mail.gmail.com> <537123B3.5080309@a1poweruser.com> <CAFHbX1%2BnN1JHJvL=c13g0S1DJhbG_=xhf1ZZgXRYkGDiXc1X=A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Tom Evans wrote: > On Mon, May 12, 2014 at 8:40 PM, Fbsd8 <fbsd8@a1poweruser.com> wrote: >> I know about this patch. I gave it to the guy who maintains jail(8) to be >> added as allow_xorg back in 9.1. After a year long review it was rejected by >> the core security team as it completely breaks jail security. xorg uses the >> kernel to communicate with the hosts console. > > Might have been worth mentioning that at the start. > >> From that news release, sounded like the new xorg uses a different method to >> communicate with the hosts console. Is my understanding correct? > > No. > >> Now using vt(9) with the new xorg may be the answer to running xorg in a >> jail. > > No it isn't - the patch that allows xorg to access kmem and to give > access to the drm devices is the answer to running xorg in a jail. We all ready know that patch has been rejected as a security breach so its not a solution. So back to the new vt, can it be expanded and used to change the way xorg talks to the host console? Is the upstream xorg project people aware of xorg not working in a jail? Is there something in the xorg port that can be changed in some way to make it work in a jail? Looking for options here, have any ideas on how to get xorg in a jail? > >> Is there any way to get vt installed on 10.0-RELEASE with out going to >> current? > > Yes, recompile with this in your kernel config: > > nodevice vga > nodevice sc > device vt > device vt_vga > > Cheers > > Tom >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53713185.208>