Date: Sat, 15 May 2004 16:00:11 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: FreeBSD current users <current@FreeBSD.ORG> Subject: Re: jail and chflags [patch] Message-ID: <Pine.BSF.4.21.0405151559400.99779-100000@InterJet.elischer.org> In-Reply-To: <20040515200401.GB845@darkness.comp.waw.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 15 May 2004, Pawel Jakub Dawidek wrote: > On Sat, May 15, 2004 at 07:52:15PM +0200, Pawel Jakub Dawidek wrote: > +> On Fri, May 14, 2004 at 05:25:16PM -0700, Julian Elischer wrote: > +> +> in fact experimentation in -current shows this to be correct.. > +> +> in a jail: > +> +> > +> +> xxx# chflags noschg libthr.so.1 > +> +> xxx# ls -lo libthr.so.1 > +> +> -r--r--r-- 1 root wheel - 611568 May 15 00:02 libthr.so.1 > +> +> xxx# chflags schg libthr.so.1 > +> +> xxx# ls -lo libthr.so.1 > +> +> -r--r--r-- 1 root wheel schg 611568 May 15 00:02 libthr.so.1 > +> +> xxx# > +> +> > +> +> comments? yeahs? neys? > +> > +> Whoa! This looks very serious. > > Ok, false alarm:) After discussion with rwatson@ and cperciva@, it looks > that changing those flags is permitted due to per-jail securelevels, > which were intruduced in 5.x. so, should I add the sysctl? > > -- > Pawel Jakub Dawidek http://www.FreeBSD.org > pjd@FreeBSD.org http://garage.freebsd.pl > FreeBSD committer Am I Evil? Yes, I Am! >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0405151559400.99779-100000>