Quoting Alan Somers <asom...@freebsd.org> (from Thu, 19 Jan 2023 10:11:38 -0700):

Ugh, it looks like kldload(2) is doing the privilege check before the
file existence check.  I'm not sure of the best solution:
* Change kern_kldload to check for file existence first.  This would
ring some alarm bells among security folks, and it isn't totally easy
to do, either.
* Change ifconfig(8) to do an existence check of its own. This would be ugly.
* Change ifconfig(8) so that it doesn't attempt to load modules when
just listing an interface.  This might be incomplete, but is probably
worth doing anyway.

Isn't this affecting all ifconfig operations in a _vnet_ jail, not only listing an interface?

Would it be sensible to revert the commit until there is a solution?

From a quick look I have the impression it makes sense to set noload to true in a jail (in that case ifmaybeload returns and the problem should go away).

Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF
