K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2000-11-01T17:58:06.000000Z
K 7
svn:log
V 844
o MFC of System V IPC disabling in jail():

  1.8   +6 -1   src/sys/kern/kern_jail.c
  1.26  +17 -1  src/sys/kern/sysv_msg.c
  1.29  +14 -1  src/sys/kern/sysv_sem.c
  1.49  +20 -1  src/sys/kern/sysv_shm.c
  1.10  +2 -1   src/sys/sys/jail.h

Log:
o Deny access to System V IPC from within jail by default, as in the
  current implementation, jail neither virtualizes the Sys V IPC namespace,
  nor provides inter-jail protections on IPC objects.
o Support for System V IPC can be enabled by setting jail.sysvipc_allowed=1
  using sysctl.
o This is not the "real fix" which involves virtualizing the System V
  IPC namespace, but prevents processes within jail from influencing those
  outside of jail when not approved by the administrator.

Reported by: Paulo Fragoso
END