I've updated Bjoern's patch for recent changes to allow.* handling, and gave it
a mention in jail(8).
As I mentioned, I'm still concerned about this permission bit beingoff by
default. I think I might have misinterpreted Joe's focus (he may have been
referring to security.bsd.unprivileged_read_msgbufandnot allow.read_msgbuf),
but my comment remains: do we want to change the default behavior, or just
allow it to be changed for those who care?
A point in favor of changing the default is this is something of a security
issue, so a reasonable default is to tend toward the more secure - plus, that's
more of a reason to include it in 12. Hmm ... yeah, I can see either side.
So which wins?