Quoting Robert Watson (Tue, 31 Oct 2006 09:43:45 +000=
0 (GMT)):

> (2) Sweep of the remaining kernel files, cleaning up privilege checks,
> replacing suser()/suser_cred() calls, etc, across the kernel.

What about denying access to the dmesg in a jail? I noticed in the run
of the periodic scripts in jails that I can see the segfaults of
programs in other jails (stock -current, but I haven't seen such a
privilege in your list of allowed privileges for a jail). A quick test
revealed that I'm able to see the complete dmesg.

=46rom an user point of view I don't want to get confused by broken stuff
in a jail of someone else (shared hosting) and I don't want to let
other people know what programs I run (in case they are failing).


"I suppose the secret to happiness is learning to appreciate the moment."
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID =3D B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID =3D 72077137
freebsd-arch@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"