Board: FB_security
Subject: POSIX mqueuefs not jail aware
Posting site: NCTU CS FreeBSD Server (Sun Jun 23 23:50:37 2013)
Relay path: ptt!csnews.cs.nctu!news.cs.nctu!.cs.nctucs.nctu!!freebsdfreebsd.org!ow
Hi
I have been working on some different projects that eventually will need a
shared queue structure and have been playing with mq_open et al.
For various reasons I was looking into being able to communicate between
the host and a jail using a global queue. Note that this works fine using mqueuefs -
the downside is that any root or matching uid can delete the queue on the
host system.
Transcript - first, the host:
root@Thomas-FreeBSD:/home/sparrevo # ~sparrevo/mqueue
Testing creation of Queue /Talk
Making sure it does not exist deleted
/Talk Created
message posted
Now the jail - please note this jail runs securelevel 2 - not that I would think it would matter here:
root@Thomas-FreeBSD:/home/sparrevo # jail -c amd64-schg
amd64-schg: created
root@Thomas-FreeBSD:/home/sparrevo # ssh [email protected]
Password for [email protected]:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
X11 forwarding request failed on channel 0
Last login: Sat Jun 15 16:48:07 2013 from 192.168.0.203
FreeBSD 10.0-CURRENT (PRODUCTION) #1 r252040: Sat Jun 22 01:20:14 BST 2013
Welcome to FreeBSD!
sparrevo@amd64-schg:~ % ./mqueue
Testing creation of Queue /Talk
Making sure it does not exist - it exist and we cannot delete it due permissions
Queue /Talk cannot be created
hu:: File exists
sparrevo@amd64-schg:~ % su
Password:
root@amd64-schg:/home/sparrevo # ./mqueue
Testing creation of Queue /Talk
Making sure it does not exist deleted
/Talk Created
message posted
root@amd64-schg:/home/sparrevo #
Looking at the code it seems like we are missing a couple of allow.xxx
features. I have not yet had time to check the shm code to see how it prevents
it.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
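A small probe in the spirit of the `mqueue` test program the post runs, added here as an example (it is not the author's program, which the post does not include): it tries to create the queue with O_EXCL and, if the queue already exists, reports whether the caller is allowed to unlink it. Run once on the host and then again inside the jail: an "existed, unlinked" result from the jail on a host-created queue is exactly the cross-boundary deletion the post describes. The queue name /Talk is taken from the post; the result codes and function names are this example's own.

```c
/* Probe a named POSIX message queue: create it if absent, otherwise report
 * whether we may unlink it.  Added example; the status codes are our own. */
#include <errno.h>
#include <fcntl.h>
#include <mqueue.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum probe_result {
    PROBE_CREATED,        /* queue did not exist; we created it (and leave it) */
    PROBE_EXISTS_REMOVED, /* existed; unlink succeeded (from a jail: host reachable) */
    PROBE_EXISTS_DENIED,  /* existed; unlink refused with EACCES/EPERM */
    PROBE_BAD_NAME,       /* name rejected (POSIX names must start with '/') */
    PROBE_ERROR           /* any other failure; errno in *err */
};

enum probe_result probe_queue(const char *name, int *err)
{
    /* O_EXCL makes creation fail with EEXIST if someone (host or jail) owns it */
    mqd_t q = mq_open(name, O_RDWR | O_CREAT | O_EXCL, 0600, NULL);
    if (q != (mqd_t)-1) {
        mq_close(q);
        return PROBE_CREATED;
    }
    if (errno == EINVAL) { if (err) *err = errno; return PROBE_BAD_NAME; }
    if (errno != EEXIST) { if (err) *err = errno; return PROBE_ERROR; }
    /* Pre-existing queue: the interesting question is who may remove it */
    if (mq_unlink(name) == 0)
        return PROBE_EXISTS_REMOVED;
    if (err) *err = errno;
    return (errno == EACCES || errno == EPERM) ? PROBE_EXISTS_DENIED : PROBE_ERROR;
}

int main(int argc, char **argv)
{
    static const char *label[] = { "created", "existed, unlinked",
                                   "existed, unlink denied", "bad name", "error" };
    const char *name = argc > 1 ? argv[1] : "/Talk";  /* queue name from the post */
    int err = 0;
    enum probe_result r = probe_queue(name, &err);
    printf("%s: %s%s%s\n", name, label[r], err ? " - " : "", err ? strerror(err) : "");
    return 0;
}
```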