Quoting Adrian Chadd adr...@freebsd.org (from Mon, 10 Feb 2014
17:24:09 -0800):
On 10 February 2014 17:07, James Gritton ja...@freebsd.org wrote:
So is it worthwhile to add a new jail parameter called insecure (or
somesuch)? That way you could easily add the encapsulation without
any of
Wiadomość napisana przez James Gritton w dniu 4 lut 2014, o godz. 14:49:
On 2/4/2014 6:23 AM, Julian Elischer wrote:
On 2/4/14, 3:40 PM, Robert N. M. Watson wrote:
On 3 Feb 2014, at 23:53, Doug Ambrisko ambri...@ambrisko.com wrote:
It's unfortunate that vimage requires jail. I want to use
On Thursday, February 06, 2014 3:53:00 pm Alexander Leidinger wrote:
On Wed, 05 Feb 2014 14:05:29 -0500
John Baldwin j...@freebsd.org wrote:
I think having a kmem flag for jails is a hack and not the right
approach. It does make a jail useless security-wise, but by
masquerading as a
On Monday, February 03, 2014 03:53:36 PM Doug Ambrisko wrote:
On Fri, Jan 31, 2014 at 06:28:27PM -0700, James Gritton wrote:
| On 1/31/2014 2:30 PM, Alexander Leidinger wrote:
| On Fri, 31 Jan 2014 12:34:48 + (GMT)
|
| Robert Watson rwat...@freebsd.org wrote:
| On Wed, 29 Jan 2014,
On Wed, Feb 05, 2014 at 02:05:29PM -0500, John Baldwin wrote:
| On Monday, February 03, 2014 03:53:36 PM Doug Ambrisko wrote:
| On Fri, Jan 31, 2014 at 06:28:27PM -0700, James Gritton wrote:
| | On 1/31/2014 2:30 PM, Alexander Leidinger wrote:
| | On Fri, 31 Jan 2014 12:34:48 + (GMT)
| |
On 5 Feb 2014, at 19:05, John Baldwin j...@freebsd.org wrote:
A short term solution that would permit non-security jails without having to
do the longer term work that Robert would like might be to add a new per-jail
flag that in effect means no security at all. You would then modify one
On 4 Feb 2014, at 07:53, Adrian Chadd adr...@freebsd.org wrote:
I really would rather see Xorg gain whatever abstraction is necessary
to probe/attach/interface with a DRI API supported graphics card.
So, this then becomes a question of whether this is needed for DRI API
supported graphics
On 4 Feb 2014, at 10:05, Ivan Voras ivo...@freebsd.org wrote:
On 31 January 2014 18:28, James Gritton ja...@freebsd.org wrote:
On 1/31/2014 5:34 AM, Robert Watson wrote:
Frankly, I'd like to see this backed out and not reintroduced. If it must
be retained, then it needs a much more clear
On 2/4/2014 6:23 AM, Julian Elischer wrote:
On 2/4/14, 3:40 PM, Robert N. M. Watson wrote:
On 3 Feb 2014, at 23:53, Doug Ambrisko ambri...@ambrisko.com wrote:
It's unfortunate that vimage requires jail. I want to use vimage but
not have the security restrictions of a jail. To do this I
On 4 Feb 2014, at 13:23, Julian Elischer jul...@freebsd.org wrote:
On 2/4/14, 3:40 PM, Robert N. M. Watson wrote:
On 3 Feb 2014, at 23:53, Doug Ambrisko ambri...@ambrisko.com wrote:
It's unfortunate that vimage requires jail. I want to use vimage but
not have the security restrictions of
On Fri, Jan 31, 2014 at 06:28:27PM -0700, James Gritton wrote:
| On 1/31/2014 2:30 PM, Alexander Leidinger wrote:
| On Fri, 31 Jan 2014 12:34:48 + (GMT)
| Robert Watson rwat...@freebsd.org wrote:
| On Wed, 29 Jan 2014, Alexander Leidinger wrote:
| It does. I included a warning in jail.8
On 3 Feb 2014, at 23:53, Doug Ambrisko ambri...@ambrisko.com wrote:
It's unfortunate that vimage requires jail. I want to use vimage but
not have the security restrictions of a jail. To do this I patched
jail to basically let everything through. It would be nice to be
able to run jail in
On 31 January 2014 17:28, James Gritton ja...@freebsd.org wrote:
I second the documentation route. Yes, it's true that this option
makes a totally insecure jail - at least one lacking the expected jail
security additions. But I think that while security is one of the
primary purposes of
Hi Jamie:
As these privileges basically allows root processes in jail to break out of
jail, I think this needs a much more clear signpost that this is a very unsafe
thing to turn on. I can imagine scenarios where this might be useful, but
can't really imagine any where it is 'safe' with
On Wed, 29 Jan 2014, Alexander Leidinger wrote:
It does. I included a warning in jail.8 that this will pretty much undo
jail security. There are still reasons some may want to do this, but it's
definitely not for everyone or even most people.
It only unjails (= basically the same security
On 1/31/2014 5:34 AM, Robert Watson wrote:
On Wed, 29 Jan 2014, Alexander Leidinger wrote:
It does. I included a warning in jail.8 that this will pretty much
undo jail security. There are still reasons some may want to do
this, but it's definitely not for everyone or even most people.
It
Author: jamie
Date: Wed Jan 29 13:41:13 2014
New Revision: 261266
URL: http://svnweb.freebsd.org/changeset/base/261266
Log:
Add a jail parameter, allow.kmem, which lets jailed processes access
/dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE).
This in conjunction with
On Wed, Jan 29, 2014 at 01:41:13PM +, Jamie Gritton wrote:
J Author: jamie
J Date: Wed Jan 29 13:41:13 2014
J New Revision: 261266
J URL: http://svnweb.freebsd.org/changeset/base/261266
J
J Log:
J Add a jail parameter, allow.kmem, which lets jailed processes access
J /dev/kmem and related
It does. I included a warning in jail.8 that this will pretty much
undo jail security. There are still reasons some may want to do this,
but it's definitely not for everyone or even most people.
- Jamie
On 1/29/2014 6:43 AM, Gleb Smirnoff wrote:
On Wed, Jan 29, 2014 at 01:41:13PM +,
On Wed, 29 Jan 2014 06:49:01 -0700
James Gritton ja...@freebsd.org wrote:
On 1/29/2014 6:43 AM, Gleb Smirnoff wrote:
Doesn't this allow to easily unjail self? :)
It does. I included a warning in jail.8 that this will pretty much
undo jail security. There are still reasons some may want
20 matches
Mail list logo