New in-kernel privilege API: priv(9)

Alexander Leidinger Alexander at Leidinger.net
Tue Oct 31 19:33:22 UTC 2006


Quoting Robert Watson <rwatson at FreeBSD.org> (Tue, 31 Oct 2006 09:43:45 +0000 (GMT)):

> (2) Sweep of the remaining kernel files, cleaning up privilege checks,
>      replacing suser()/suser_cred() calls, etc, across the kernel.

What about denying access to the dmesg in a jail? I noticed in the run
of the periodic scripts in jails that I can see the segfaults of
programs in other jails (stock -current, but I haven't seen such a
privilege in your list of allowed privileges for a jail). A quick test
revealed that I'm able to see the complete dmesg.

From an user point of view I don't want to get confused by broken stuff
in a jail of someone else (shared hosting) and I don't want to let
other people know what programs I run (in case they are failing).

Bye,
Alexander.

-- 
   "I suppose the secret to happiness is learning to appreciate the moment."
-Calvin
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org     netchild @ FreeBSD.org  : PGP ID = 72077137


More information about the freebsd-arch mailing list