make world inside a jail

Tue Nov 2 04:14:03 PST 2004

On Mon, Nov 01, 2004 at 09:29:32PM +0100, Oliver Lehmann wrote:
> Hi,
> 
> today I played a bit with make world inside a jail, and get stuck with
> install -fschg - because setting the schg flag inside a jail is permitted.
> I removed at first all schg flags from outside the jail, Then I discovered
> the option NOFSCHG in share/mk/bsd.lib.mk and retried the build with make
> -DNOSCHG installworld.
> But I got now once more stuck because of -fschg was hardcoded:
> 
> --- libexec/rtld-elf/Makefile.orig	Mon Nov  1 20:18:45 2004
> +++ libexec/rtld-elf/Makefile	Mon Nov  1 20:19:10 2004
> @@ -9,7 +9,11 @@
>  CFLAGS+=	-Wall -DFREEBSD_ELF -DIN_RTLD
>  CFLAGS+=	-I${.CURDIR}/${MACHINE_ARCH} -I${.CURDIR}
>  LDFLAGS+=	-nostdlib -e .rtld_start
> +.if !defined(NOFSCHG)
>  INSTALLFLAGS=	-fschg -C -b
> +.else
> +INSTALLFLAGS=	-C -b
> +.endif
>  BINDIR=		/libexec
>  SYMLINKS=	${BINDIR}/${PROG} /usr/libexec/${PROG}
>  MLINKS=		rtld.1 ld-elf.so.1.1 \
> 
> and now I'm stuck once more with:
> ===> bin/rcp
> install -s -o root -g wheel -m 4555  -fschg rcp /bin
> install: /bin/rcp: Operation not permitted
> 
> so I'm asking myself... maybe I'm doing sth. wrong? Is there an other way
> to avoid setting the schg flag during installworld?
> I actually don't care of security for that jail. I just have sth. to tast
> which I would preferably test within a jail and which requieres make
> world's.
> I could submit an pr with a patch which adds a NOSCHG option arround every
> -fschg assignment to INSTALLFLAGS if you want me to. But right now I'm
> just asking if there is something _I_ did wrong ;)
> 
Try this:

	make installworld INSTALLFLAGS_EDIT=:N-fschg


Cheers,
-- 
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20041102/c040ca33/attachment.bin