--- sys/dev/drm/drmP.h	2016-02-17 09:34:10.000000000 +0900
+++ sys/dev/drm/drmP.h	2016-03-06 17:11:56.525978000 +0900
@@ -221,7 +221,7 @@
 
 #define PAGE_ALIGN(addr) round_page(addr)
 /* DRM_SUSER returns true if the user is superuser */
-#define DRM_SUSER(p)		(priv_check(p, PRIV_DRIVER) == 0)
+#define DRM_SUSER(p)		(priv_check(p, PRIV_KMEM_WRITE) == 0)
 #define DRM_AGP_FIND_DEVICE()	agp_find_device()
 #define DRM_MTRR_WC		MDF_WRITECOMBINE
 #define jiffies			ticks
--- sys/kern/kern_jail.c	2016-02-17 09:34:17.000000000 +0900
+++ sys/kern/kern_jail.c	2016-03-07 09:49:17.458004000 +0900
@@ -207,6 +207,7 @@
 	"allow.mount.fdescfs",
 	"allow.mount.linprocfs",
 	"allow.mount.linsysfs",
+	"allow.kmem",
 };
 const size_t pr_allow_names_size = sizeof(pr_allow_names);
 
@@ -226,6 +227,7 @@
 	"allow.mount.nofdescfs",
 	"allow.mount.nolinprocfs",
 	"allow.mount.nolinsysfs",
+	"allow.nokmem",
 };
 const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames);
 
@@ -4006,6 +4008,27 @@
 		return (0);
 
 		/*
+		 * Allow access to /dev/io in a jail if the non-jailed admin
+		 * requests this and if /dev/io exists in the jail. This
+		 * allows Xorg to probe a card.
+		 */
+	case PRIV_IO:
+		if (cred->cr_prison->pr_allow & PR_ALLOW_KMEM)
+			return (0);
+		else
+			return (EPERM);
+
+		/*
+		 * Allow low level access to KMEM-like devices (e.g. to
+		 * allow Xorg to use DRI).
+		 */
+	case PRIV_KMEM_WRITE:
+		if (cred->cr_prison->pr_allow & PR_ALLOW_KMEM)
+			return (0);
+		else
+			return (EPERM);
+
+		/*
 		 * Allow jailed root to set loginclass.
 		 */
 	case PRIV_PROC_SETLOGINCLASS:
@@ -4313,6 +4336,10 @@
     CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
     NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I",
     "Processes in jail can mount the zfs file system");
+SYSCTL_PROC(_security_jail, OID_AUTO, kmem_allowed,
+    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
+    NULL, PR_ALLOW_KMEM, sysctl_jail_default_allow, "I",
+    "Processes in jail can access kmem");
 
 static int
 sysctl_jail_default_level(SYSCTL_HANDLER_ARGS)
@@ -4459,6 +4486,8 @@
     "B", "Jail may set file quotas");
 SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW,
     "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route");
+SYSCTL_JAIL_PARAM(_allow, kmem, CTLTYPE_INT | CTLFLAG_RW,
+    "B", "Jail may access kmem-like devices (io, dri) if they exist");
 
 SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags");
 SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW,
--- sys/sys/jail.h	2016-02-17 09:34:02.000000000 +0900
+++ sys/sys/jail.h	2016-03-07 18:10:56.018845000 +0900
@@ -232,7 +232,8 @@
 #define	PR_ALLOW_MOUNT_FDESCFS		0x1000
 #define	PR_ALLOW_MOUNT_LINPROCFS	0x2000
 #define	PR_ALLOW_MOUNT_LINSYSFS		0x4000
-#define	PR_ALLOW_ALL			0x7fff
+#define	PR_ALLOW_KMEM			0x8000
+#define	PR_ALLOW_ALL			0xffff
 
 /*
  * OSD methods