Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 22 Sep 2008 14:36:16 +0200
From:      "Paul B. Mahol" <onemda@gmail.com>
To:        "Jason C. Wells" <jcw@highperformance.net>
Cc:        Jeremy Chadwick <koitsu@freebsd.org>, freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: Installworld deletes libc
Message-ID:  <3a142e750809220536j51d0ed08ja3a87e6bff3b1c30@mail.gmail.com>
In-Reply-To: <48D6CAAE.9060303@highperformance.net>
References:  <48D68FD6.50804@highperformance.net> <20080921215113.GB9494@icarus.home.lan> <48D6C995.7060606@highperformance.net> <48D6CAAE.9060303@highperformance.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 9/22/08, Jason C. Wells <jcw@highperformance.net> wrote:
> Jason C. Wells wrote:
>> Jeremy Chadwick wrote:
>>> On Sun, Sep 21, 2008 at 11:17:58AM -0700, Jason C. Wells wrote:
>>>> I have the problem similar to one described in 20071024 UPDATING.
>>>> The  build is running inside a jail. The system is 6.2-RELEASE. I
>>>> supped this  moring.  I have the correct lib/Makefile.  During
>>>> installworld I receive  an error:
>>>>
>>>> install: /lib/libc.so.6: chflags: Operation not permitted
>>>> *** Error code 71
>>>>
>>>> Stop in /usr/src/lib/libc.
>>>>
>>>> My situation is different in the libc is erased in the process.
>>>> Copying  the new libc.so.6 from /usr/obj does not fix the problem.
>>>>
>>>> Any ideas?
>>>
>>> Sounds like kern.securelevel is in the way.  See security(7).
>>
>> The securelevel would normally prevent the deletion of a file.  The
>> secure level of this jail is -1 in any case so the schg flag should be
>> ignored. security.jail.chflags_allowed=0 seems to supersede the
>> securelevel according to sysctl(8).
>>
>> Some part of installworld is misbehaving in the jail. The security
>> mechanisms in securelevel and security.jail.chflags_allowed are not
>> working.
>
> I should add that 'systcl security.jail.chflags_allowed=1' allowed
> installworld to proceed without error. That solves my immediate problem.
>   There appears to be a bug in the security mechanism.

sysctl -d security.jail.chflags_allowed
security.jail.chflags_allowed: Processes in jail can alter system file flags

It is not bug in security mechanism.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3a142e750809220536j51d0ed08ja3a87e6bff3b1c30>