Re: git: 6452fb1e87ed - main - protect.1: Document that protect(1) does not work in jails

In reply to: Mateusz Piotrowski : "git: 6452fb1e87ed - main - protect.1: Document that protect(1) does not work in jails"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Bryan Drewery <bdrewery_at_FreeBSD.org>
Date: Tue, 19 Jul 2022 20:27:13 UTC

On 7/11/2022 3:49 PM, Mateusz Piotrowski wrote:
> The branch main has been updated by 0mp (doc, ports committer):
> 
> URL:https://cgit.FreeBSD.org/src/commit/?id=6452fb1e87ed9d00b52fa1e63e7c3a7516c9586c
> 
> commit 6452fb1e87ed9d00b52fa1e63e7c3a7516c9586c
> Author:     Mateusz Piotrowski<0mp@FreeBSD.org>
> AuthorDate: 2022-07-11 22:43:27 +0000
> Commit:     Mateusz Piotrowski<0mp@FreeBSD.org>
> CommitDate: 2022-07-11 22:47:58 +0000
> 
>      protect.1: Document that protect(1) does not work in jails
>      
>      The reason is that in order to protect a process procctl(2) needs
>      the PRIV_VM_MADV_PROTECT privilege, which is currently denied in jails
>      (see kern_jail.c).
>      
>      MFC after:      1 week
> ---

By the way I have 
https://people.freebsd.org/~bdrewery/patch-jails-allow-protect.diff to 
allow this to work on a case-by-case basis. I haven't had time to open a 
review yet but I will some time.

-- 
Bryan Drewery