git: da1b8e42cf - main - 14.4/relnotes: tweak the entry about child jail tampering
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 07 Mar 2026 06:23:03 UTC
The branch main has been updated by vladlen:
URL: https://cgit.FreeBSD.org/doc/commit/?id=da1b8e42cf4ab81c60dcb2e3394a1633ccc63bd8
commit da1b8e42cf4ab81c60dcb2e3394a1633ccc63bd8
Author: Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2026-03-07 06:21:24 +0000
Commit: Vladlen Popolitov <vladlen@FreeBSD.org>
CommitDate: 2026-03-07 06:21:24 +0000
14.4/relnotes: tweak the entry about child jail tampering
Reviewed by: ziaee, vladlen
Approved by: ziaee, re (implicit)
Differential Revision: https://reviews.freebsd.org/D55675
---
website/content/en/releases/14.4R/relnotes.adoc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/website/content/en/releases/14.4R/relnotes.adoc b/website/content/en/releases/14.4R/relnotes.adoc
index d5fe6721c1..2a6158633b 100644
--- a/website/content/en/releases/14.4R/relnotes.adoc
+++ b/website/content/en/releases/14.4R/relnotes.adoc
@@ -372,7 +372,9 @@ This section covers changes to kernel configurations, system tuning, and system
[[kernel-general]]
=== General Kernel Changes
-The man:jail[8] system now restricts unprivileged users in a parent jail from scheduling, debugging, or signaling processes in subordinate jails by default. New privileges PRIV_SCHED_DIFFJAIL, PRIV_DEBUG_DIFFJAIL, and PRIV_SIGNAL_DIFFJAIL are required for such cross-jail operations. A new jail parameter allow.unprivileged_parent_tampering is introduced for backward compatibility in FreeBSD 14.x, but will be disabled by default in FreeBSD 15.x, affecting development setups that rely on cross-jail process management.
+The man:jail[8] system will restrict unprivileged users in a parent jail from scheduling, debugging, or signaling processes in subordinate jails by default in FreeBSD 15.0 and later.
+New privileges PRIV_SCHED_DIFFJAIL, PRIV_DEBUG_DIFFJAIL, and PRIV_SIGNAL_DIFFJAIL are required for such cross-jail operations.
+A new jail parameter allow.nounprivileged_parent_tampering is introduced in FreeBSD 14.x to enable early adoption of the new behavior, but this will become enabled by default in FreeBSD 15.x, affecting development setups that rely on cross-jail process management.
gitref:5c6949e12ee6[repository=src].
The change fixes a race condition in the powerpc context switch code that could cause the system to hang after starting all APs, particularly in qemu-system-ppc64 power9 pseries guests.