https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
Miroslav Lachman <000.f...@quip.cz> changed:
What|Removed |Added
CC||000.f...@quip.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
--- Comment #2 from Bjoern A. Zeeb ---
(In reply to Miroslav Lachman from comment #1)
Yes, I mean either have an option to toggle it for jails with a default of "not
allowed" or a global if (jailed()) sorry_no();
Should be trivial to impl
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
--- Comment #3 from Miroslav Lachman <000.f...@quip.cz> ---
OK, I understand. I can't write a patch, but I am willing to test it :)
--
You are receiving this mail because:
You are the assignee for the bug.
_
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
Joe Barbish changed:
What|Removed |Added
CC||qja...@a1poweruser.com
--- Comment #
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
--- Comment #5 from Joe Barbish ---
I have been thinking about this more and I remember having this discussion some
time a few years ago in the past. There is nothing wrong with the dmesg command
issued from within a non-vimage jail showing
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
--- Comment #6 from Miroslav Lachman <000.f...@quip.cz> ---
(In reply to Joe Barbish from comment #5)
I don't think so. Attackers can use security.jail.jailed to show the truth.
Leaking SW / HW info from the host to jail by dmesg should be
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
--- Comment #7 from Bjoern A. Zeeb ---
Created attachment 173424
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=173424&action=edit
Patch to allow per-jail msgbuf access
Move the sysctl priv check from the kernel msgbuf sysctl to
