From owner-freebsd-current@FreeBSD.ORG Thu Apr 12 17:30:59 2007 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6C0F216A402 for ; Thu, 12 Apr 2007 17:30:59 +0000 (UTC) (envelope-from anderson@freebsd.org) Received: from mh1.centtech.com (moat3.centtech.com [64.129.166.50]) by mx1.freebsd.org (Postfix) with ESMTP id 3D18913C45B for ; Thu, 12 Apr 2007 17:30:59 +0000 (UTC) (envelope-from anderson@freebsd.org) Received: from [10.177.171.220] (neutrino.centtech.com [10.177.171.220]) by mh1.centtech.com (8.13.8/8.13.8) with ESMTP id l3CHUtQ9048553; Thu, 12 Apr 2007 12:30:55 -0500 (CDT) (envelope-from anderson@freebsd.org) Message-ID: <461E6CCF.2080802@freebsd.org> Date: Thu, 12 Apr 2007 12:30:55 -0500 From: Eric Anderson User-Agent: Thunderbird 1.5.0.10 (X11/20070320) MIME-Version: 1.0 To: Kris Kennaway References: <200704112004.03903.lists@jnielsen.net> <20070412021645.GQ30772@cicely12.cicely.de> <20070412114135.C64803@fledge.watson.org> <20070412172811.GA48309@xor.obsecurity.org> In-Reply-To: <20070412172811.GA48309@xor.obsecurity.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.88.4/3082/Thu Apr 12 09:20:14 2007 on mh1.centtech.com X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=8.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.6 X-Spam-Checker-Version: SpamAssassin 3.1.6 (2006-10-03) on mh1.centtech.com Cc: current@freebsd.org Subject: Re: ZFS to support chflags? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Apr 2007 17:30:59 -0000 On 04/12/07 12:28, Kris Kennaway wrote: > On Thu, Apr 12, 2007 at 11:42:37AM +0100, Robert Watson wrote: >> On Thu, 12 Apr 2007, Bernd Walter wrote: >> >>> On Wed, Apr 11, 2007 at 08:04:03PM -0400, John Nielsen wrote: >>> >>>> I just moved /usr over to a zpool on my -CURRENT system. Performance and >>>> stability are both excellent so far. (Thanks Pawel!) However I noticed >>>> that setting FS flags on files with chflags is not supported. Would it be >>>> feasible to add support for flags on ZFS, and if so are there plans to do >>>> so? >>>> >>>> If not (and/or in the meantime), are there any places in the base system >>>> where flags are required for normal operation? (/var maybe?) >>> Some binaries have such flags set, but it is not required, otherwise >>> diskless NFS wouldn't work. I often see installworld warnings about beeing >>> unable to set extended flags on ld.so and others on my diskless boxes. >> I'm not a big fan of setting these flags -- I fairly frequently run into >> problems when I installworld an NFS root on the NFS host, then try to work >> with it over NFS from the NFS-booted system, as the flags can't be removed >> via NFS. They don't offer a security benefit as-installed, and perhaps >> offer a benefit with respect to preventing people from shooting themselves >> in the foot (or perhaps not). > > Yeah, historical intentions notwithstanding, the real benefit of schg > flags on critical pieces is anti foot-shooting. e.g. you really don't > want to accidentally delete ld-elf.so.1 or libc.so.7 or init. > You can usually recover from this, but it can mess up your whole day > :) > > Kris Yea, all I have to say is: thank you to for /rescue!!! Eric