From: "Paul B. Mahol"
To: "Jason C. Wells"
Cc: Jeremy Chadwick, freebsd-stable
Date: Mon, 22 Sep 2008 14:36:16 +0200
Subject: Re: Installworld deletes libc

On 9/22/08, Jason C. Wells wrote:
> Jason C. Wells wrote:
>> Jeremy Chadwick wrote:
>>> On Sun, Sep 21, 2008 at 11:17:58AM -0700, Jason C. Wells wrote:
>>>> I have the problem similar to one described in 20071024 UPDATING.
>>>> The build is running inside a jail. The system is 6.2-RELEASE. I
>>>> supped this morning. I have the correct lib/Makefile. During
>>>> installworld I receive an error:
>>>>
>>>> install: /lib/libc.so.6: chflags: Operation not permitted
>>>> *** Error code 71
>>>>
>>>> Stop in /usr/src/lib/libc.
>>>>
>>>> My situation is different in that the libc is erased in the process.
>>>> Copying the new libc.so.6 from /usr/obj does not fix the problem.
>>>>
>>>> Any ideas?
>>>
>>> Sounds like kern.securelevel is in the way. See security(7).
>>
>> The securelevel would normally prevent the deletion of a file. The
>> secure level of this jail is -1 in any case so the schg flag should be
>> ignored. security.jail.chflags_allowed=0 seems to supersede the
>> securelevel according to sysctl(8).
>>
>> Some part of installworld is misbehaving in the jail. The security
>> mechanisms in securelevel and security.jail.chflags_allowed are not
>> working.
>
> I should add that 'sysctl security.jail.chflags_allowed=1' allowed
> installworld to proceed without error. That solves my immediate problem.
> There appears to be a bug in the security mechanism.

sysctl -d security.jail.chflags_allowed
security.jail.chflags_allowed: Processes in jail can alter system file flags

It is not a bug in the security mechanism.