Date: Tue, 27 Aug 2024 18:07:34 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@FreeBSD.org> To: doug@safeport.com Cc: Andrea Venturoli <ml@netfence.it>, doug@fledge.watson.org, freebsd-questions@freebsd.org Subject: Re: security.bsd.see_other_uids/gids and jails Message-ID: <86jzg23q61.fsf@ltc.des.dev> In-Reply-To: <b3c7639-bfb6-9f3a-45e-ccf6732a8417@safeport.com> (doug@safeport.com's message of "Sat, 24 Aug 2024 17:30:37 %2B0000 (UTC)") References: <902826c1-fc50-48aa-867d-8010b5814df2@netfence.it> <61ed9412-563-a5f-a3c0-66ff23cb5ac4@safeport.com> <0fe260da-43ff-4c14-9807-7b81cec37c83@netfence.it> <c0764f86-baea-6625-4f3b-d699ccff86b2@safeport.com> <fce56c0b-c32f-49bf-a3c9-df765fb15bf9@netfence.it> <b3c7639-bfb6-9f3a-45e-ccf6732a8417@safeport.com>
next in thread | previous in thread | raw e-mail | index | archive | help
doug@safeport.com writes: > If you did this command as root, your system is seriously messed up. I > did this on a 12.2 system runing as 12.2 jail. This is neither relevant nor helpful. - 12.2 is four years old and no longer supported. - `security.bsd.see_other_uids` is not settable from within a jail and never was (it does not, and never did, have the `CTLFLAG_PRISON` flag), so if you successfully did this, it is _your_ system which is =E2=80=9Cseriously messed up=E2=80=9D. - None of this answers the original question, which was whether it can be changed on a per-jail basis, and the answer to that is no, it applies equally to all users, jailed or unjailed. Only nodes in the `security.jail.param` subtree can be changed per-jail. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86jzg23q61.fsf>