Re: Proposal: Enabling unprivileged chroot by default
- In reply to: Jan Bramkamp : "Re: Proposal: Enabling unprivileged chroot by default"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 14 Aug 2025 17:34:36 UTC
On Thursday, 14 August 2025 at 00:35, Jan Bramkamp <crest@rlwinm.de> wrote: > On 05.08.25 16:57, Ed Maste wrote: > > > I would like to change the default value of the > > security.bsd.unprivileged_chroot sysctl from 0 (disabled) to 1 > > (enabled). This will allow unprivileged users to invoke chroot(2) > > under constrained and secure conditions. See the recent "Non-root > > chroot" thread on freebsd-hackers@ for some more context. > > I would like to see it go into FreeBSD 15.0 as enabled by default so this > > feature would be part of the default configuration and > > not just an effectively unsupported configuration. If a feature not being enabled by default makes it effectively unsupported, then all people who set the sysctl net.inet.ip.forwarding to 1 (the default is 0) are in trouble. Best regards, Jordan Gordeev