Probably for the umpteenth time this subject line has shown up :) Why break 

I'll start here as my audience might be greater: how is this made possible? I 
know Alexander Leidinger was working on something, but this isn't compiling on 
7.1 atm (kern_jail.c: In function 'prison_priv_check': kern_jail.c:754: error: 
'jail_dev_io_access_allowed' undeclared (first use in this function), 
kern_jail.c: 754: error: (Each undeclared identifier is reported only once for 
each function it appears in.), kern_jail.c: 761: error: 
'jail_dev_io_access_allowed_hostname' undeclared (first use in this function), 
Error code 1) (Patch failed on hunk 1 of 2 -  rev on file is

More importantly I've read in posts elsewhere that a fb (framebuffer) device is 
being worked on. Besides this, I'm interested in the security of these methods. 
From what I've examined (on the system and on the net) only Xorg is using 
/dev/io and /dev/mem, so I'm wondering whether it might be possible to tighten 
security more with regard to X AND in doing so make it easier to run X in a jail.
I'm guessing that IF Xorg can be configured (manually?) then access to io could 
be restricted? Then only fb would be needed instead of /dev/mem? I'm only 
shooting off at the hip here - I'm not entirely up on Xorg runnings... (Docs
might be handy? Pointers?)

I'll admit that I might not be in a great position to put this in code (I'm 
trying to help with a network driver currently - in my spare time :P), I have 2
kids, a couple of businesses (one of which is the wife's), so I'm kinda 
strapped. But I do have plenty of good ideas, and not enough time for my 
projects on my list - plus I'm still kinda green on driver writing so it's a slow
process. But I'm willing to brainstorm, and definitely test :)

Anyway, I'd like to work with what's out there currently to run X in a jail, but
I need to get it to compile first (or set up) so some clarity on how to get this
done would be great.
