From owner-freebsd-current@FreeBSD.ORG  Sat May 15 13:04:06 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4C60516A4CE; Sat, 15 May 2004 13:04:06 -0700 (PDT)
Received: from darkness.comp.waw.pl (darkness.comp.waw.pl [195.117.238.236])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 23DE143D45; Sat, 15 May 2004 13:04:05 -0700 (PDT)
	(envelope-from pjd@darkness.comp.waw.pl)
Received: by darkness.comp.waw.pl (Postfix, from userid 1009)
	id 18A91ACADB; Sat, 15 May 2004 22:04:01 +0200 (CEST)
Date: Sat, 15 May 2004 22:04:01 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Julian Elischer <julian@elischer.org>
Message-ID: <20040515200401.GB845@darkness.comp.waw.pl>
References: <Pine.BSF.4.21.0405141637420.85816-100000@InterJet.elischer.org>
	<20040515175215.GA845@darkness.comp.waw.pl>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="te9Bkl2b4W0C+FfQ"
Content-Disposition: inline
In-Reply-To: <20040515175215.GA845@darkness.comp.waw.pl>
User-Agent: Mutt/1.4.2i
X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc
X-OS: FreeBSD 5.2.1-RC2 i386
cc: rwatson@freebsd.org
cc: FreeBSD current users <current@FreeBSD.ORG>
Subject: Re: jail and chflags [patch]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 15 May 2004 20:04:06 -0000


--te9Bkl2b4W0C+FfQ
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, May 15, 2004 at 07:52:15PM +0200, Pawel Jakub Dawidek wrote:
+> On Fri, May 14, 2004 at 05:25:16PM -0700, Julian Elischer wrote:
+> +> in fact experimentation in -current shows this to be correct..
+> +> in a jail:
+> +>=20
+> +> xxx#  chflags noschg libthr.so.1
+> +> xxx# ls -lo libthr.so.1
+> +> -r--r--r--  1 root  wheel  - 611568 May 15 00:02 libthr.so.1
+> +> xxx# chflags schg libthr.so.1
+> +> xxx# ls -lo libthr.so.1
+> +> -r--r--r--  1 root  wheel  schg 611568 May 15 00:02 libthr.so.1
+> +> xxx# =20
+> +>=20
+> +> comments? yeahs? neys?
+>=20
+> Whoa! This looks very serious.

Ok, false alarm:) After discussion with rwatson@ and cperciva@, it looks
that changing those flags is permitted due to per-jail securelevels,
which were intruduced in 5.x.

--=20
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!

--te9Bkl2b4W0C+FfQ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFApnexForvXbEpPzQRApEYAKCaPXroCz7OTCOm1E0WJONIysQ4BgCeKvB4
vzejmP5UrBeuy/XJWvaTC/4=
=5KJR
-----END PGP SIGNATURE-----

--te9Bkl2b4W0C+FfQ--