cvs commit: src/sys/ufs/ufs ufs_vnops.c

Pawel Jakub Dawidek pjd at
Sun Aug 22 05:21:58 PDT 2004

On Sun, Aug 22, 2004 at 02:03:41AM +0000, Christian S.J. Peron wrote:
+> csjp        2004-08-22 02:03:41 UTC
+>   FreeBSD src repository
+>   Modified files:
+>     sys/ufs/ufs          ufs_vnops.c 
+>   Log:
+>   Currently, if the secure level is low enough, system flags can
+>   be manipulated by prison root. In 4.x prison root can not manipulate
+>   system flags, regardless of the security level. This behavior
+>   should remain consistent to avoid any surprises which could lead
+>   to security problems for system administrators which give out
+>   privileged access to jails.
+>   This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
+>   to 0. This will prevent prison root from being able to manipulate
+>   system flags on files.
+>   This may be a MFC candidate for RELENG_5.

In 5.x we are able to set securelevel per jail, so jail's system
administrator can increase securelevel if he needs this behaviour.
I agree, that we should stay consistent with 4.x, that's why we should
put this under some sysctl with default value, that keeps 4.x
behaviour, but it could be changed if jail's system administrator wants
to take control over system flags.

Pawel Jakub Dawidek             
pjd at                 
FreeBSD committer                         Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the cvs-src mailing list