Keep PRIV_KMEM_READ permitted inside jails as it is on the outside.

author: jamie <jamie@FreeBSD.org> 2013-09-06 17:32:29 +0000
committer: jamie <jamie@FreeBSD.org> 2013-09-06 17:32:29 +0000
commit: d13d69ef17e933f4e8a1be14f0558e25dad171c7 (patch)
tree: d3a36cd1933f21be57bee5416b528185de22daf7 /sys
parent: baf6916d29840d85b2d4a4045219f28bbaa7943c (diff)
download: FreeBSD-src-d13d69ef17e933f4e8a1be14f0558e25dad171c7.zip
FreeBSD-src-d13d69ef17e933f4e8a1be14f0558e25dad171c7.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 6451825..331b0e1 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3885,6 +3885,13 @@ prison_priv_check(struct ucred *cred, int priv)
 	case PRIV_VFS_SETGID:
 	case PRIV_VFS_STAT:
 	case PRIV_VFS_STICKYFILE:
+
+		/*
+		 * As in the non-jail case, non-root users are expected to be
+		 * able to read kernel/phyiscal memory (provided /dev/[k]mem
+		 * exists in the jail and they have permission to access it).
+		 */
+	case PRIV_KMEM_READ:
 		return (0);
 
 		/*
author	jamie <jamie@FreeBSD.org>	2013-09-06 17:32:29 +0000
committer	jamie <jamie@FreeBSD.org>	2013-09-06 17:32:29 +0000
commit	d13d69ef17e933f4e8a1be14f0558e25dad171c7 (patch)
tree	d3a36cd1933f21be57bee5416b528185de22daf7 /sys
parent	baf6916d29840d85b2d4a4045219f28bbaa7943c (diff)
download	FreeBSD-src-d13d69ef17e933f4e8a1be14f0558e25dad171c7.zip FreeBSD-src-d13d69ef17e933f4e8a1be14f0558e25dad171c7.tar.gz