From owner-freebsd-bugs@FreeBSD.ORG Tue Dec 4 11:10:00 2012
Message-Id: <201212031955.qB3JtpjU002612@bld91>
Date: Mon, 3 Dec 2012 11:55:51 -0800 (PST)
From: Ed Maste
To: FreeBSD-gnats-submit@FreeBSD.org
Reply-To: Ed Maste
X-Send-Pr-Version: 3.113
Subject: kern/174104: security.jail.param does not reflect actual jail perms
List-Id: Bug reports

>Number: 174104
>Category: kern
>Synopsis: security.jail.param does not reflect actual jail perms
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 04 11:10:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Ed Maste
>Release: FreeBSD 9.1-RC3 amd64
>Organization: ADARA Networks
>Environment:
System: FreeBSD bld91 9.1-RC3 FreeBSD 9.1-RC3 #0 r243630M: Mon Dec 3 10:44:36 PST 2012 root@bld91:/data/obj/data/freebsd-src/9.1/sys/GENERIC amd64

>Description:
I would expect security.jail.param.* to update inside the jail after
using jail -m on the host to change settings, but this does not appear
to happen.

>How-To-Repeat:
    # on the host, disallow chflags:
    bld91# jail -m jid=2 allow.chflags=0

    # in the jail, verify that chflags fails:
    root@tinderbox:/root # sysctl security.jail.param.allow.chflags
    security.jail.param.allow.chflags: 0
    root@tinderbox:/root # touch foo
    root@tinderbox:/root # chflags schg foo; chflags noschg foo
    chflags: foo: Operation not permitted

    # on the host, allow chflags:
    bld91# jail -m jid=2 allow.chflags=1

    # in the jail, chflags works but the sysctl still shows 0:
    root@tinderbox:/root # sysctl security.jail.param.allow.chflags
    security.jail.param.allow.chflags: 0
    root@tinderbox:/root # chflags schg foo ; chflags noschg foo
    root@tinderbox:/root #

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
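
The mismatch reported above can be checked mechanically. The following is an added example, not part of the original report or of FreeBSD: it compares the parameters set on the host with the `sysctl security.jail.param` lines seen inside the jail. The function name `jail_param_drift`, the `name=value` host-side format and the `allow.raw_sockets` line are assumptions, and both inputs are constructed sample data.

```shell
#!/bin/sh
# Constructed sample data modelled on the report (not captured output).
# Host view: one "name=value" line per parameter as set with jail -m
#            (assumed format, collected on the host by the operator).
# Jail view: sysctl output lines in the form shown in the report.
HOST_VIEW='allow.chflags=1
allow.raw_sockets=0'

JAIL_VIEW='security.jail.param.allow.chflags: 0
security.jail.param.allow.raw_sockets: 0'

# jail_param_drift HOST_TEXT JAIL_TEXT  (hypothetical helper)
# Prints "name host=<v> jail=<v>" for each parameter whose two views
# disagree, or "name host=<v> jail=missing" if the jail view lacks it.
# Returns 0 when the views agree and 1 when any drift was printed.
jail_param_drift() {
    # Feed the jail view first, then a separator, then the host view.
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { host = 1; next }
        # Jail view line: "security.jail.param.<name>: <value>"
        !host && index($0, "security.jail.param.") == 1 {
            split($0, kv, ": ")
            name = substr(kv[1], length("security.jail.param.") + 1)
            seen[name] = kv[2]
            next
        }
        # Host view line: "<name>=<value>"
        host && index($0, "=") > 0 {
            name = substr($0, 1, index($0, "=") - 1)
            value = substr($0, index($0, "=") + 1)
            if (!(name in seen)) {
                print name " host=" value " jail=missing"; drift = 1
            } else if (seen[name] != value) {
                print name " host=" value " jail=" seen[name]; drift = 1
            }
        }
        END { exit drift + 0 }
    '
}

# With the sample data this reports the allow.chflags mismatch.
jail_param_drift "$HOST_VIEW" "$JAIL_VIEW" ||
    echo "in-jail sysctl disagrees with the host-side setting"
```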