[Bug 211580] deny system message buffer access from jails

bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580

[hidden email] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]
                   |                            |m.au

--- Comment #12 from [hidden email] ---
(In reply to Jamie Landeg-Jones from comment #8)
I run a lot of non-vimage jails but I can only see one use-case for this
requirement - if I don't/can't access the host system, then a monitoring jail
may acquire & provide the dmesg information for a reporting jail?  Is there
another use for this, that you have in mind and that we might benefit from?

With
/etc/sysctl.conf:security.bsd.unprivileged_read_msgbuf=0
a jail reports
# dmesg
dmesg: sysctl kern.msgbuf: Operation not permitted

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"