On Fri, Sep 06, 2013 at 05:32:29PM +0000, Jamie Gritton wrote: J> Author: jamie J> Date: Fri Sep 6 17:32:29 2013 J> New Revision: 255316 J> URL: http://svnweb.freebsd.org/changeset/base/255316 J> J> Log: J> Keep PRIV_KMEM_READ permitted inside jails as it is on the outside. J> J> Modified: J> head/sys/kern/kern_jail.c J> J> Modified: head/sys/kern/kern_jail.c J> ============================================================================== J> --- head/sys/kern/kern_jail.c Fri Sep 6 17:19:57 2013 (r255315) J> +++ head/sys/kern/kern_jail.c Fri Sep 6 17:32:29 2013 (r255316) J> @@ -3885,6 +3885,13 @@ prison_priv_check(struct ucred *cred, in J> case PRIV_VFS_SETGID: J> case PRIV_VFS_STAT: J> case PRIV_VFS_STICKYFILE: J> + J> + /* J> + * As in the non-jail case, non-root users are expected to be J> + * able to read kernel/phyiscal memory (provided /dev/[k]mem J> + * exists in the jail and they have permission to access it). J> + */ J> + case PRIV_KMEM_READ: J> return (0); J> J> /*
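Review bot: The added "case PRIV_KMEM_READ:" shares the unconditional "return (0);" with the PRIV_VFS_* cases above it, so within prison_priv_check() the privilege is granted to every jail with nothing in this hunk that lets an individual jail withhold it. After this change the only remaining controls are the two the comment itself names: whether /dev/[k]mem exists in the jail and the permissions on it. Consider making the case conditional on a per-jail setting, or at least expand the one-line commit log to say why an unconditional grant is acceptable. Separately, "phyiscal" in the added comment should read "physical".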
Was that discussed anywhere or reviewed by anyone?

--
Totus tuus, Glebius.