New in-kernel privilege API: priv(9)

Alexander Leidinger Alexander at
Tue Oct 31 19:33:22 UTC 2006

Quoting Robert Watson <rwatson at> (Tue, 31 Oct 2006 09:43:45 +0000 (GMT)):

> (2) Sweep of the remaining kernel files, cleaning up privilege checks,
>      replacing suser()/suser_cred() calls, etc, across the kernel.

What about denying access to the dmesg in a jail? I noticed in the run
of the periodic scripts in jails that I can see the segfaults of
programs in other jails (stock -current, but I haven't seen such a
privilege in your list of allowed privileges for a jail). A quick test
revealed that I'm able to see the complete dmesg.

From an user point of view I don't want to get confused by broken stuff
in a jail of someone else (shared hosting) and I don't want to let
other people know what programs I run (in case they are failing).


   "I suppose the secret to happiness is learning to appreciate the moment."
-Calvin  Alexander @ PGP ID = B0063FE7     netchild @  : PGP ID = 72077137

More information about the freebsd-arch mailing list