Date: Tue, 27 Aug 2024 17:14:32 +0000 (UTC)
From: doug@safeport.com
To: Dag-Erling Smørgrav <des@FreeBSD.org>
Cc: Andrea Venturoli <ml@netfence.it>, freebsd-questions@freebsd.org
Subject: Re: security.bsd.see_other_uids/gids and jails
Message-ID: <a9557224-bd71-e64c-b9dd-2f673238a4f1@safeport.com>
In-Reply-To: <86jzg23q61.fsf@ltc.des.dev>
References: <902826c1-fc50-48aa-867d-8010b5814df2@netfence.it>
 <61ed9412-563-a5f-a3c0-66ff23cb5ac4@safeport.com>
 <0fe260da-43ff-4c14-9807-7b81cec37c83@netfence.it>
 <c0764f86-baea-6625-4f3b-d699ccff86b2@safeport.com>
 <fce56c0b-c32f-49bf-a3c9-df765fb15bf9@netfence.it>
 <b3c7639-bfb6-9f3a-45e-ccf6732a8417@safeport.com>
 <86jzg23q61.fsf@ltc.des.dev>
On Tue, 27 Aug 2024, Dag-Erling Smørgrav wrote:

> doug@safeport.com writes:
>> If you did this command as root, your system is seriously messed up. I
>> did this on a 12.2 system running as 12.2 jail.
>
> This is neither relevant nor helpful.
>
> - 12.2 is four years old and no longer supported.
>
> - `security.bsd.see_other_uids` is not settable from within a jail and
>   never was (it does not, and never did, have the `CTLFLAG_PRISON`
>   flag), so if you successfully did this, it is _your_ system which is
>   “seriously messed up”.
>
> - None of this answers the original question, which was whether it can
>   be changed on a per-jail basis, and the answer to that is no, it
>   applies equally to all users, jailed or unjailed. Only nodes in the
>   `security.jail.param` subtree can be changed per-jail.
>

So a facility that worked in 12.2 was taken away in 14.1? It seems to also work on my 14.1 system. The question as I understood it was can this be done with different jails having different settings. That answer is yes. If I did not understand the question, my bad.