Date: Sat, 15 May 2004 16:00:11 -0700 (PDT)
From: Julian Elischer
To: Pawel Jakub Dawidek
cc: rwatson@freebsd.org
cc: FreeBSD current users
In-Reply-To: <20040515200401.GB845@darkness.comp.waw.pl>
Subject: Re: jail and chflags [patch]

On Sat, 15 May 2004, Pawel Jakub Dawidek wrote:

> On Sat, May 15, 2004 at 07:52:15PM +0200, Pawel Jakub Dawidek wrote:
> +> On Fri, May 14, 2004 at 05:25:16PM -0700, Julian Elischer wrote:
> +> +> in fact experimentation in -current shows this to be correct..
> +> +> in a jail:
> +> +>
> +> +> xxx# chflags noschg libthr.so.1
> +> +> xxx# ls -lo libthr.so.1
> +> +> -r--r--r-- 1 root wheel - 611568 May 15 00:02 libthr.so.1
> +> +> xxx# chflags schg libthr.so.1
> +> +> xxx# ls -lo libthr.so.1
> +> +> -r--r--r-- 1 root wheel schg 611568 May 15 00:02 libthr.so.1
> +> +> xxx#
> +> +>
> +> +> comments? yeahs? neys?
> +>
> +> Whoa! This looks very serious.
>
> Ok, false alarm:) After discussion with rwatson@ and cperciva@, it looks
> that changing those flags is permitted due to per-jail securelevels,
> which were introduced in 5.x.

so, should I add the sysctl?

>
> --
> Pawel Jakub Dawidek                       http://www.FreeBSD.org
> pjd@FreeBSD.org                           http://garage.freebsd.pl
> FreeBSD committer                         Am I Evil? Yes, I Am!
>