aboutsummaryrefslogtreecommitdiff
path: root/LEVIN_PROTOCOL.md
diff options
context:
space:
mode:
authorscoobybejesus <21372487+scoobybejesus@users.noreply.github.com>2020-02-25 21:12:56 -0500
committerGitHub <noreply@github.com>2020-02-25 21:12:56 -0500
commit56c4eda53f6025991d835fd9b4e9fcbcc90a8ae7 (patch)
tree4a66e35a98b4ff75d6cdfbd9b9e2250e484e93d6 /LEVIN_PROTOCOL.md
parentMerge pull request #6198 (diff)
downloadmonero-56c4eda53f6025991d835fd9b4e9fcbcc90a8ae7.tar.xz
Provides safer semaphore privilege to jail; notes port/pkg availability
From the FreeBSD architecture handbook (https://www.freebsd.org/doc/en/books/arch-handbook/jail-restrictions.html) as it relates to `allow.sysvipc`, "By default, this sysctl is set to 0. If it were set to 1, it would defeat the whole purpose of having a jail; privileged users from the jail would be able to affect processes outside the jailed environment." This is undesirable behavior. Per `man jail`, regarding `allow.sysvipc`, "A process within the jail has access to System V primitives. This is deprecated in favor of the per-module parameters." Since FreeBSD 11, the new way to deal with this (the per-module parameters) is with: `sysvshm`, for shared memory, `sysvsem`, for semaphores, and `sysvmsg`, for message queues. These can be set selectively to either `disable`; `inherit`, for the previous behavior (problematic due to UID collision, apparently); and `new`, for new behavior that avoids the UID collision problem. Monero only uses semaphores, therefore we should recommend that jails be run with `sysvsem="new"` in the jail's jail.conf. Tested on FreeBSD 12.1. Also, Monero is now able to be downloaded as a package or built from ports as `monero-cli` with a versioned suffix. It's got `Monero 'Carbon Chamaeleon' (v0.15.0.1-release)` as of right now, and it's been there 2-3 months, meaning it's currently and timely.
Diffstat (limited to 'LEVIN_PROTOCOL.md')
0 files changed, 0 insertions, 0 deletions