[Bug 211580] deny system message buffer access from jails
bugzilla-noreply at freebsd.org
Fri Oct 12 00:06:07 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
dewayne at heuristicsystems.com.au changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dewayne at heuristicsystems.com.au
--- Comment #12 from dewayne at heuristicsystems.com.au ---
(In reply to Jamie Landeg-Jones from comment #8)
I run a lot of non-vimage jails but I can only see one use-case for this
requirement - if I don't/can't access the host system, then a monitoring jail
may acquire & provide the dmesg information for a reporting jail? Is there
another use for this, that you have in mind and that we might benefit?
With
/etc/sysctl.conf:security.bsd.unprivileged_read_msgbuf=0
a jail reports
# dmesg
dmesg: sysctl kern.msgbuf: Operation not permitted
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-jail mailing list
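
An added example, not part of the original message or of FreeBSD itself: a shell check that reports what a sysctl.conf-style file would set for the `security.bsd.unprivileged_read_msgbuf` knob quoted in the comment above. The function names, the sample input and the assumption that the last assignment in the file wins are this example's own.

```shell
#!/bin/sh
# Added example (not from the original message).
KNOB="security.bsd.unprivileged_read_msgbuf"

# msgbuf_policy [FILE...]
# Reads sysctl.conf-style text (stdin when no FILE is given) and prints:
#   restricted  - knob set to 0
#   open        - knob set to another integer
#   invalid     - knob present with a non-integer value
#   unset       - knob never assigned, so the kernel default applies
# Assumption: assignments apply in file order, so the last one wins.
msgbuf_policy() {
    awk -v knob="$KNOB" '
        {
            sub(/#.*/, "")                       # strip comments
            eq = index($0, "=")
            if (eq == 0) next                    # not an assignment
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)    # trim whitespace
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)   # trim whitespace and quotes
            if (name == knob) { last = val; seen = 1 }
        }
        END {
            if (!seen)                   print "unset"
            else if (last !~ /^[0-9]+$/) print "invalid"
            else if (last + 0 == 0)      print "restricted"
            else                         print "open"
        }
    ' "$@"
}

# Constructed sample input: an early hardening line overridden further down.
sample_conf() {
    printf '%s\n' \
        '# constructed sample, not a real host config' \
        'security.bsd.unprivileged_read_msgbuf=0' \
        'kern.ipc.somaxconn=1024' \
        'security.bsd.unprivileged_read_msgbuf = 1   # later override wins'
}

sample_conf | msgbuf_policy    # prints: open
```

On a live system, `sysctl -n security.bsd.unprivileged_read_msgbuf` shows the value currently in effect, which is what decides whether `dmesg` is refused.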