xorg in jail
Alexander Leidinger
Alexander at Leidinger.net
Sun Oct 11 15:35:43 UTC 2009
On Sat, 10 Oct 2009 10:14:26 +0200 Kevin Smith <kerbzo at gmail.com> wrote:
> Does this patch fix vnc server start error also ?
I don't know. The patch allows access to /dev/io. Normally this is not
possible, even if /dev/io is visible in the jail, as the kernel
disallows all access to it from a jail.
> When I try to run tightvncserver in a jail it says:
>
> A VNC server is already running as :0
I wouldn't expect that a VNC server needs access to /dev/io, so I
would be surprised if this would help.
> even if there is no vnc server running.
You could start it via "ktrace -i tightvncserver" and when it abortet
you can have a look with kdump|less what it tries to do.
Bye,
Alexander.
> Thank you,
> regards
>
> On Oct 9, 2009, at 10:45 AM, Alexander Leidinger wrote:
>
> > Quoting hulibyaka hulibyaka <hulibyaka at gmail.com> (from Thu, 8 Oct
> > 2009 22:01:23 +0400):
> >
> >> What the difference for restriction on /dev/io between chroot and
> >> jail? How can i get all needed by xinit privileges on /dev/io
> >> within jail ?
> >
> > There are additional access restrictions in the kernel when run in
> > a jail. You need
> > http://www.leidinger.net/FreeBSD/current-patches/jail.diff
> > and you need to rebuild the kernel and the world.
> >
> > After that you need to add
> > jail_JAILID_startparams="allow.dev_io_access" for your jail startup.
> >
> > Bye,
> > Alexander.
> >
> > --
> > Pie are not square. Pie are round. Cornbread are square.
> >
> > http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID =
> > B0063FE7
> > http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID =
> > 72077137
> > _______________________________________________
> > freebsd-jail at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> > To unsubscribe, send any mail to "freebsd-jail-
> > unsubscribe at freebsd.org"
>
> --
> Kevin
>
More information about the freebsd-jail
mailing list