[Bug 211580] deny system message buffer access from jails
bugzilla-noreply at freebsd.org
Mon Aug 8 21:44:57 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
--- Comment #7 from Bjoern A. Zeeb <bz at FreeBSD.org> ---
Created attachment 173424
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=173424&action=edit
Patch to allow per-jail msgbuf access

Move the sysctl priv check from the kernel msgbuf sysctl to kern_priv.c.
This not only allows jails to overrule the global decision but also MAC
possibly.

The global sysctl to allow unpriv read stays and equally works inside jails
(but not per jail). However jails can entirely disable access now (on by
default).

Misses a man page update for allow.read_msgbuf [with allow.noread_msgbuf as
counter-option].