[Bug 211580] deny system message buffer access from jails
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Oct 17 16:12:16 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
--- Comment #21 from commit-hook at freebsd.org ---
A commit references this bug:
Author: jamie
Date: Wed Oct 17 16:11:44 UTC 2018
New revision: 339409
URL: https://svnweb.freebsd.org/changeset/base/339409
Log:
Add a new jail permission, allow.read_msgbuf. When true, jailed processes
can see the dmesg buffer (this is the current behavior). When false (the
new default), dmesg will be unavailable to jailed users, whether root or
not.
The security.bsd.unprivileged_read_msgbuf sysctl still works as before,
controlling system-wide whether non-root users can see the buffer.
PR: 211580
Submitted by: bz
Approved by: re@ (kib@)
MFC after: 3 days
Changes:
head/sys/kern/kern_jail.c
head/sys/kern/kern_priv.c
head/sys/kern/subr_prf.c
head/sys/sys/jail.h
head/usr.sbin/jail/jail.8
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-jail
mailing list