[Bug 211580] deny system message buffer access from jails

Wed Oct 17 16:12:16 UTC 2018

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580

--- Comment #21 from commit-hook at freebsd.org ---
A commit references this bug:

Author: jamie
Date: Wed Oct 17 16:11:44 UTC 2018
New revision: 339409
URL: https://svnweb.freebsd.org/changeset/base/339409

Log:
  Add a new jail permission, allow.read_msgbuf.  When true, jailed processes
  can see the dmesg buffer (this is the current behavior).  When false (the
  new default), dmesg will be unavailable to jailed users, whether root or
  not.

  The security.bsd.unprivileged_read_msgbuf sysctl still works as before,
  controlling system-wide whether non-root users can see the buffer.

  PR:           211580
  Submitted by: bz
  Approved by:  re@ (kib@)
  MFC after:    3 days

Changes:
  head/sys/kern/kern_jail.c
  head/sys/kern/kern_priv.c
  head/sys/kern/subr_prf.c
  head/sys/sys/jail.h
  head/usr.sbin/jail/jail.8

-- 
You are receiving this mail because:
You are the assignee for the bug.