Re: xorg in jail
On Sat, 10 Oct 2009 10:14:26 +0200 Kevin Smith wrote: > Does this patch fix vnc server start error also ? I don't know. The patch allows access to /dev/io. Normally this is not possible, even if /dev/io is visible in the jail, as the kernel disallows all access to it from a jail. > When I try to run tightvncserver in a jail it says: > > A VNC server is already running as :0 I wouldn't expect that a VNC server needs access to /dev/io, so I would be surprised if this would help. > even if there is no vnc server running. You could start it via "ktrace -i tightvncserver" and when it abortet you can have a look with kdump|less what it tries to do. Bye, Alexander. > Thank you, > regards > > On Oct 9, 2009, at 10:45 AM, Alexander Leidinger wrote: > > > Quoting hulibyaka hulibyaka (from Thu, 8 Oct > > 2009 22:01:23 +0400): > > > >> What the difference for restriction on /dev/io between chroot and > >> jail? How can i get all needed by xinit privileges on /dev/io > >> within jail ? > > > > There are additional access restrictions in the kernel when run in > > a jail. You need > > http://www.leidinger.net/FreeBSD/current-patches/jail.diff > > and you need to rebuild the kernel and the world. > > > > After that you need to add > > jail_JAILID_startparams="allow.dev_io_access" for your jail startup. > > > > Bye, > > Alexander. > > > > -- > > Pie are not square. Pie are round. Cornbread are square. > > > > http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = > > B0063FE7 > > http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = > > 72077137 > > ___ > > freebsd-jail@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > > To unsubscribe, send any mail to "freebsd-jail- > > unsubscr...@freebsd.org" > > -- > Kevin > ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: xorg in jail
Does this patch fix vnc server start error also ? When I try to run tightvncserver in a jail it says: A VNC server is already running as :0 even if there is no vnc server running. Thank you, regards On Oct 9, 2009, at 10:45 AM, Alexander Leidinger wrote: Quoting hulibyaka hulibyaka (from Thu, 8 Oct 2009 22:01:23 +0400): What the difference for restriction on /dev/io between chroot and jail? How can i get all needed by xinit privileges on /dev/io within jail ? There are additional access restrictions in the kernel when run in a jail. You need http://www.leidinger.net/FreeBSD/current-patches/jail.diff and you need to rebuild the kernel and the world. After that you need to add jail_JAILID_startparams="allow.dev_io_access" for your jail startup. Bye, Alexander. -- Pie are not square. Pie are round. Cornbread are square. http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail- unsubscr...@freebsd.org" -- Kevin ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: xorg in jail
Quoting hulibyaka hulibyaka (from Thu, 8 Oct 2009 22:01:23 +0400): What the difference for restriction on /dev/io between chroot and jail? How can i get all needed by xinit privileges on /dev/io within jail ? There are additional access restrictions in the kernel when run in a jail. You need http://www.leidinger.net/FreeBSD/current-patches/jail.diff and you need to rebuild the kernel and the world. After that you need to add jail_JAILID_startparams="allow.dev_io_access" for your jail startup. Bye, Alexander. -- Pie are not square. Pie are round. Cornbread are square. http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
xorg in jail
Hello maillist I've try to setup and run X environment in the jail (FreeBSD-9 Current). xinit with correct xorg.conf for my video card (radeon) get this message: --- (WW) xf86EnableIO: Failed to open /dev/io for extended I/O(EE) No devices detected. Fatal server error: no screens found --- But /dev/io and /dev/mem is exist in my dev for jail (i use this rules in /etc/devfs.rules, thanks to Alexander Leidinger ): --- [devfsrules_unhide_audio=5] add path 'audio*' unhide add path 'dsp*' unhide add path midistat unhide add path 'mixer*' unhide add path 'music*' unhide add path 'sequencer*' unhide add path sndstat unhide add path speaker unhide [devfsrules_unhide_printers=6] add path 'lpt*' unhide add path 'ulpt*' unhide add path 'unlpt*' unhide [devfsrules_unhide_input=7] add path 'atkbd*' unhide add path 'kbd*' unhide add path 'joy*' unhide add path 'psm*' unhide add path sysmouse unhide add path 'ukbd*' unhide add path 'ums*' unhide [devfsrules_unhide_xorg=8] add path agpgart unhide #add path console unhide add path dri unhide add path 'dri*' unhide add path io unhide add path mem unhide #add path pci unhide add path tty unhide add path ttyv0 unhide add path ttyv1 unhide add path ttyv8 unhide [devfsrules_unhide_cam=9] add path 'da*' unhide add path 'cd*' unhide [devfsrules_unhide_kmem=10] add path kmem unhide [devfsrules_jail_desktop=11] add include $devfsrules_hide_all add include $devfsrules_unhide_basic add include $devfsrules_unhide_login add include $devfsrules_unhide_audio add include $devfsrules_unhide_input add include $devfsrules_unhide_xorg add include $devfsrules_unhide_cam add include $devfsrules_unhide_kmem --- But X starting successfull when i make: chroot /jail/root_of_jail xinit from outside jail. What the difference for restriction on /dev/io between chroot and jail? How can i get all needed by xinit privileges on /dev/io within jail ? ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"