Xorg in a Jail... :)

Da Rock freebsd-questions at herveybayaustralia.com.au
Thu May 14 07:58:17 UTC 2009


Probably for the umpteenth time this subject line has shown up :) Why break convention?

I'll start here as my audience might be greater: how is this made possible? I know Alexander Leidinger was working on something, but this isn't compiling on 7.1 atm:

    kern_jail.c: In function 'prison_priv_check':
    kern_jail.c:754: error: 'jail_dev_io_access_allowed' undeclared (first use in this function)
    kern_jail.c: 754: error: (Each undeclared identifier is reported only once for each function it appears in.)
    kern_jail.c: 761: error: 'jail_dev_io_access_allowed_hostname' undeclared (first use in this function)
    Error code 1

(Patch failed on hunk 1 of 2 - rev on file is 1.70.2.4.2.1).

More importantly, I've read in posts elsewhere that a fb (framebuffer) device is being worked on. Besides this, I'm interested in the security of these methods. From what I've examined (on the system and on the net) only Xorg is using /dev/io and /dev/mem, so I'm wondering whether it might be possible to tighten security more with regard to X AND in doing so make it easier to run X in a jail. I'm guessing that IF Xorg can be configured (manually?) then access to io could be restricted? Then only fb would be needed instead of /dev/mem? I'm only shooting off at the hip here - I'm not entirely up on Xorg runnings... (Docs might be handy? Pointers?)

I'll admit that I might not be in a great position to put this in code (I'm trying to help with a network driver currently - in my spare time :P); I have 2 kids, a couple of businesses (one of which is the wife's), so I'm kinda strapped. But I do have plenty of good ideas, and not enough time for my projects on my list - plus I'm still kinda green on driver writing so it's a slow process. But I'm willing to brainstorm, and definitely test :)

Anyway, I'd like to work with what's out there currently to run X in a jail, but I need to get it to compile first (or set up) so some clarity on how to get this done would be great.

Cheers