[HEADS UP] WITH_NEW_XORG is now the default on FreeBSD 10 and 9 stable
Fbsd8
fbsd8 at a1poweruser.com
Mon May 12 20:39:42 UTC 2014
Tom Evans wrote:
> On Mon, May 12, 2014 at 8:40 PM, Fbsd8 <fbsd8 at a1poweruser.com> wrote:
>> I know about this patch. I gave it to the guy who maintains jail(8) to be
>> added as allow_xorg back in 9.1. After a year long review it was rejected by
>> the core security team as it completely breaks jail security. xorg uses the
>> kernel to communicate with the hosts console.
>
> Might have been worth mentioning that at the start.
>
>> From that news release, sounded like the new xorg uses a different method to
>> communicate with the hosts console. Is my understanding correct?
>
> No.
>
>> Now using vt(9) with the new xorg may be the answer to running xorg in a
>> jail.
>
> No it isn't - the patch that allows xorg to access kmem and to give
> access to the drm devices is the answer to running xorg in a jail.
We all ready know that patch has been rejected as a security breach so
its not a solution. So back to the new vt, can it be expanded and used
to change the way xorg talks to the host console?
Is the upstream xorg project people aware of xorg not working in a jail?
Is there something in the xorg port that can be changed in some way to
make it work in a jail?
Looking for options here, have any ideas on how to get xorg in a jail?
>
>> Is there any way to get vt installed on 10.0-RELEASE with out going to
>> current?
>
> Yes, recompile with this in your kernel config:
>
> nodevice vga
> nodevice sc
> device vt
> device vt_vga
>
> Cheers
>
> Tom
>
More information about the freebsd-x11
mailing list