jail and chflags [patch]
Julian Elischer
julian at elischer.org
Sat May 15 16:00:18 PDT 2004
On Sat, 15 May 2004, Pawel Jakub Dawidek wrote:
> On Sat, May 15, 2004 at 07:52:15PM +0200, Pawel Jakub Dawidek wrote:
> +> On Fri, May 14, 2004 at 05:25:16PM -0700, Julian Elischer wrote:
> +> +> in fact experimentation in -current shows this to be correct..
> +> +> in a jail:
> +> +>
> +> +> xxx# chflags noschg libthr.so.1
> +> +> xxx# ls -lo libthr.so.1
> +> +> -r--r--r-- 1 root wheel - 611568 May 15 00:02 libthr.so.1
> +> +> xxx# chflags schg libthr.so.1
> +> +> xxx# ls -lo libthr.so.1
> +> +> -r--r--r-- 1 root wheel schg 611568 May 15 00:02 libthr.so.1
> +> +> xxx#
> +> +>
> +> +> comments? yeahs? neys?
> +>
> +> Whoa! This looks very serious.
>
> Ok, false alarm:) After discussion with rwatson@ and cperciva@, it looks
> that changing those flags is permitted due to per-jail securelevels,
> which were intruduced in 5.x.
so, should I add the sysctl?
>
> --
> Pawel Jakub Dawidek http://www.FreeBSD.org
> pjd at FreeBSD.org http://garage.freebsd.pl
> FreeBSD committer Am I Evil? Yes, I Am!
>
More information about the freebsd-current
mailing list