make world inside a jail
Ruslan Ermilov
ru at freebsd.org
Tue Nov 2 04:14:03 PST 2004
On Mon, Nov 01, 2004 at 09:29:32PM +0100, Oliver Lehmann wrote:
> Hi,
>
> today I played a bit with make world inside a jail, and got stuck with
> install -fschg - because setting the schg flag inside a jail is permitted.
> At first I removed all schg flags from outside the jail. Then I discovered
> the option NOFSCHG in share/mk/bsd.lib.mk and retried the build with make
> -DNOSCHG installworld.
> But now I got stuck once more because -fschg was hardcoded:
>
> --- libexec/rtld-elf/Makefile.orig Mon Nov 1 20:18:45 2004
> +++ libexec/rtld-elf/Makefile Mon Nov 1 20:19:10 2004
> @@ -9,7 +9,11 @@
> CFLAGS+= -Wall -DFREEBSD_ELF -DIN_RTLD
> CFLAGS+= -I${.CURDIR}/${MACHINE_ARCH} -I${.CURDIR}
> LDFLAGS+= -nostdlib -e .rtld_start
> +.if !defined(NOFSCHG)
> INSTALLFLAGS= -fschg -C -b
> +.else
> +INSTALLFLAGS= -C -b
> +.endif
> BINDIR= /libexec
> SYMLINKS= ${BINDIR}/${PROG} /usr/libexec/${PROG}
> MLINKS= rtld.1 ld-elf.so.1.1 \
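
Review bot: In the .if !defined(NOFSCHG) / .else block, both branches repeat "-C -b", so any later change to the common install flags has to be made in two places. Setting INSTALLFLAGS= -C -b unconditionally and adding -fschg with INSTALLFLAGS+= inside .if !defined(NOFSCHG) would keep a single copy. Also, the knob tested here is NOFSCHG, while the command quoted in the message defines NOSCHG, which this condition would not see.
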
>
> and now I'm stuck once more with:
> ===> bin/rcp
> install -s -o root -g wheel -m 4555 -fschg rcp /bin
> install: /bin/rcp: Operation not permitted
>
> so I'm asking myself... maybe I'm doing something wrong? Is there another way
> to avoid setting the schg flag during installworld?
> I actually don't care about security for that jail. I just have something to
> test which I would preferably test within a jail and which requires make
> world's.
> I could submit a PR with a patch which adds a NOSCHG option around every
> -fschg assignment to INSTALLFLAGS if you want me to. But right now I'm
> just asking if there is something _I_ did wrong ;)
>
Try this:
make installworld INSTALLFLAGS_EDIT=:N-fschg
Cheers,
--
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer
More information about the freebsd-current
mailing list