cvs commit: src/sys/kern kern_jail.c src/sys/sys jail.h
src/sys/ufs/ufs ufs_vnops.c src/usr.sbin/jail jail.8
Pawel Jakub Dawidek
pjd at FreeBSD.org
Wed Feb 9 17:32:33 GMT 2005
On Wed, Feb 09, 2005 at 05:24:26PM +0000, Colin Percival wrote:
+> Pawel Jakub Dawidek wrote:
+> >On Tue, Feb 08, 2005 at 09:31:11PM +0000, Colin Percival wrote:
+> >+> Add a new sysctl, "security.jail.chflags_allowed", which controls the
+> >+> behaviour of chflags within a jail. If set to 0 (the default), then a
+> >+> jailed root user is treated as an unprivileged user; if set to 1, then
+> >+> a jailed root user is treated the same as an unjailed root user.
+> >
+> >More than that. It should be allowed in the future by default
+>
+> Don't you think it's better to err on the side of security? There
+> are certainly times when allowing a jailed user to manipulate system
+> file flags could cause (non-obvious) problems, while any failure
+> caused by an inability to set these flags will be immediately obvious.
I think this behaviour was introduced in RELENG_4 because of the lack of
per-jail securelevels. Now we have those and I think we should not add
yet another sysctl for jails; securelevel is enough IMHO.
+> Also, I'm planning on MFCing this to RELENG_5, and we definitely don't
+> want the default behaviour to change there.
Sure.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!