svn commit: r255316 - head/sys/kern

Jamie Gritton jamie at FreeBSD.org
Fri Sep 6 18:59:19 UTC 2013


On 09/06/13 12:18, Gleb Smirnoff wrote:
> On Fri, Sep 06, 2013 at 05:32:29PM +0000, Jamie Gritton wrote:
> J> Author: jamie
> J> Date: Fri Sep  6 17:32:29 2013
> J> New Revision: 255316
> J> URL: http://svnweb.freebsd.org/changeset/base/255316
> J> 
> J> Log:
> J>   Keep PRIV_KMEM_READ permitted inside jails as it is on the outside.
> J> 
> J> Modified:
> J>   head/sys/kern/kern_jail.c
> J> 
> J> Modified: head/sys/kern/kern_jail.c
> J> ==============================================================================
> J> --- head/sys/kern/kern_jail.c	Fri Sep  6 17:19:57 2013	(r255315)
> J> +++ head/sys/kern/kern_jail.c	Fri Sep  6 17:32:29 2013	(r255316)
> J> @@ -3885,6 +3885,13 @@ prison_priv_check(struct ucred *cred, in
> J>  	case PRIV_VFS_SETGID:
> J>  	case PRIV_VFS_STAT:
> J>  	case PRIV_VFS_STICKYFILE:
> J> +
> J> +		/*
> J> +		 * As in the non-jail case, non-root users are expected to be
> J> +		 * able to read kernel/phyiscal memory (provided /dev/[k]mem
> J> +		 * exists in the jail and they have permission to access it).
> J> +		 */
> J> +	case PRIV_KMEM_READ:
> J>  		return (0);
> J>  
> J>  		/*
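Review bot: The added `case PRIV_KMEM_READ:` falls through to the shared `return (0)`, so the privilege is granted to every jail unconditionally and the only remaining gate is the one the new comment names: whether /dev/[k]mem exists in the jail and what its file permissions are. I would state that consequence in the comment itself (exposure of kernel memory reads to a jail now depends entirely on which device nodes the jail is given), so nobody later reads this case as a harmless default like the PRIV_VFS_* entries above it. Also, "phyiscal" in the comment should be "physical", and the bare `+` blank line before the comment separates it from the case list it joins; dropping that line or giving the new case its own `return (0)` would make the grouping clearer.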
> 
> Was that discussed anywhere or reviewed by anyone?

Yes, it was brought up by jase@ in src-committers last week, noting that
my original PRIV_KMEM_* commit (r252841) broke existing jail behavior.
The entire "discussion" was the mention of the problem and my mention of
what it would take to fix it. There was no code review as such, but that
seemed appropriate for an obvious one-liner.

- Jamie

