/lib/libc.so.7 unsupported file format

Sami Halabi sodynet1 at gmail.com
Thu Oct 10 12:18:25 UTC 2013 

Hi,

 # sysctl security.jail.param.allow.chflags=1
security.jail.param.allow.chflags: 0 -> 0

the sysctl is not working, maybe it should be set on /boot/loder.conf

what i did is the following:
1. inside the jail
 a. i renamed /bin/chflags to /bin/chfalgs-old
 b. created /bin/chflags with the following:
     #!/bin/csh -f
     echo sami > /dev/null
2. a freebsd-update install in the jail yeilds installing the updates with
errors on /lib/libc.so.7 & /usr/bin/login
3. i did freebsd-update rollback
4. in the host i did:
  a. chflags noschg /usr/jails/sami/lib/libc.so.7
  b. chflags noschg /usr/jails/sami/usr/bin/login
5. in the jail i did:
 a. freebsd-update fetch
 b. freebsd-update install
6. in the host i did:
  a. chflags schg /usr/jails/sami/lib/libc.so.7
  b. chflags schg /usr/jails/sami/usr/bin/login
7. inside the jail
 a. removed /bin/chflags
 b. i renamed /bin/chflags-old to /bin/chfalgs


Worked for me.

Thanks for trying to hel pme,
Sami



On Thu, Oct 10, 2013 at 3:06 PM, Mark Felder <feld at freebsd.org> wrote:

> On Thu, Oct 10, 2013, at 7:03, Sami Halabi wrote:
> > Hi,
> > thanks for replying me so fast.
> >
> > what i ment is:
> > 1. in the jail (32 bit) to do:
> >  freebsd-update fetch
> >
> > # ls /var/db/freebsd-update/
> > ./
> > ../
> > f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-install@
> > filelist
> > files/
> > install.TggE71/
> > pub.ssl
> > serverlist
> > serverlist_full
> > serverlist_tried
> > tINDEX.present
> > tag
> > root at sami:/ #
> >
> > root at sami:/ # more /var/db/freebsd-update/tag
> >
> freebsd-update|i386|9.1-RELEASE|7|b3924864da0e125ff57d2f9894347dbc0e130ae32a0647126d5109dbc099981e|1420070400
> > root at sami:/ #
> >
> > 2. since inside the jail:
> > root at sami:/ # freebsd-update install
> > Installing updates...chflags: ///lib/libc.so.7: Operation not permitted
> > root at sami:/ #
> >
> > not working because of chflags (maybe there is a sysctl that will allow a
> > jail to chflags??)
> >
> > i thought that maybe there is some way to do it from outside the jail.
> >
> > unfortunattly doing simple:
> > root at 6:/root # freebsd-update -b /usr/jails/sami -d
> > /usr/jails/sami/var/db/freebsd-update/ install
> > No updates are available to install.
> > Run '/usr/sbin/freebsd-update fetch' first.
> > root at 6:/root #
> >
> > i thought if there is some way to interpret the data and installing using
> > the host (maybe manually somehow...), or even changing the chflags inside
> > the jail to an executable that return success no matter what...
> >
>
> There is a sysctl for chflags:
>
> security.jail.param.allow.chflags
>
> and you can check if you have that access from within the jail via:
>
> security.jail.chflags_allowed
>
> I have not tried to do what you're attempting before simply because I've
> very rarely run 32bit jails on 64bit hosts. Hopefully this gets you in
> the right direction.
> _______________________________________________
> freebsd-jail at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
>



-- 
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert

More information about the freebsd-jail mailing list