jail file and directory permissions
glarkin at FreeBSD.org
Fri Apr 16 01:54:16 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Erich Jenkins, Fuujin Group Ltd wrote:
> Erich Jenkins, Fuujin Group Ltd wrote:
>> Greg Larkin wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>> Erich Jenkins, Fuujin Group Ltd wrote:
>>>> Kalle Møller wrote:
>>>>> Could you please make a command list on what your doing and with
>>>>> output.. like this ...
>> Since this was a buildworld copied via NFS from a build environment,
>> it appears that something has gone terribly wrong during the build.
>> I'm going to wipe this machine and do a completely fresh install of
>> 7.0-REL, buildworld, and set up a jail to see if something did indeed
>> break, or if this is an actual bug.
>> Thank you very much to everyone who's responded to this issue. Your
>> input has been instrumental in helping troubleshoot this. I'll post as
>> soon as the build completes and I have a chance to test this tonight.
>> Erich M. Jenkins
>> Fuujin Group Limited
>> "You should never, never doubt what no one is sure about."
>> -- Gene Wilder
>> freebsd-jail at freebsd.org mailing list
>> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
> After a fresh buildworld on this box, I am no longer seeing this user
> permissions issue, which leads me to believe something is very very
> wrong with the way it was built on the build server for the cluster. If
> anyone would like, I'll tar up the build environment and put it
> somewhere it can be accessed, assuming someone has the time/inclination
> to sift through it and see what happened. I spent a few hours this
> morning going through it and can't find anything out of the ordinary,
> but most of the inner working of jails is a "black box" to me.
> Thank you for all the feedback. I'm setting up the new build environment
> for the cluster to fix this issue for deployed systems.
> Erich M. Jenkins
> Fuujin Group Limited
> "You should never, never doubt what no one is sure about."
> -- Gene Wilder
I'm glad to hear that you got everything sorted out! If it's possible
to set up the previous environment in a virtual machine or some spare
hardware and grant me an ssh login, I would be interested in doing more
tests to see if I can figure out what's going on.
Whether there's a bug in the jail subsystem or a hole in the
provisioning process that allows the privilege escalation, it would
certainly be good to find the root cause.
http://www.FreeBSD.org/ - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
http://twitter.com/sourcehosting/ - Follow me, follow you
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the freebsd-bugs