From owner-freebsd-questions@FreeBSD.ORG  Fri Jun  4 08:22:48 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4A1A2106564A
	for <questions@freebsd.org>; Fri,  4 Jun 2010 08:22:48 +0000 (UTC)
	(envelope-from cyberleo@cyberleo.net)
Received: from paka.cyberleo.net (paka.cyberleo.net [66.219.31.21])
	by mx1.freebsd.org (Postfix) with ESMTP id 2460F8FC22
	for <questions@freebsd.org>; Fri,  4 Jun 2010 08:22:47 +0000 (UTC)
Received: from [172.16.44.4] (h-74-2-96-2.chcgilgm.static.covad.net
	[74.2.96.2])
	by paka.cyberleo.net (Postfix) with ESMTPSA id 566DC28424;
	Fri,  4 Jun 2010 04:22:47 -0400 (EDT)
Message-ID: <4C08B7D6.5020604@cyberleo.net>
Date: Fri, 04 Jun 2010 03:22:46 -0500
From: CyberLeo Kitsana <cyberleo@cyberleo.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
	rv:1.9.1.9) Gecko/20100508 Thunderbird/3.0.4
MIME-Version: 1.0
To: Fbsd1 <fbsd1@a1poweruser.com>
References: <4C08B252.8010008@a1poweruser.com>
In-Reply-To: <4C08B252.8010008@a1poweruser.com>
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 7bit
Cc: "questions@freebsd.org" <questions@freebsd.org>
Subject: Re: /var/empty has schg flag turned on. Why?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jun 2010 08:22:48 -0000

On 06/04/2010 02:59 AM, Fbsd1 wrote:
> Why does the base RELEASE have schg flag turned for the /var/empty
> directory?
> 
> Is that directory really used for anything?
> 
> Is this a release build problem?

Certain daemons will chroot(2) to that directory to perform sensitive
privilege-separation operations, or when they know they will not need to
interact with the filesystem to perform their duties. The directory must
remain empty to ensure the operation is secure.

The best way to ensure no files are accidentally or intentionally
created there is to set it schg, which forbids any changes to the
directory (such as linking a file there).

-- 
Fuzzy love,
-CyberLeo
Furry Peace! - http://www.fur.com/peace/