Message-Id: <201307221614.r6MGErgp011734@lapr.js.berklix.net>
Date: Mon, 22 Jul 2013 18:14:53 +0200 (CEST)
From: "Julian H. Stacey"
Reply-To: "Julian H. Stacey"
To: FreeBSD-gnats-submit@freebsd.org
Cc: Maintainer of ports/sysutils/ezjail
Subject: ports/180739: ports/sysutils/ezjail patch

>Number: 180739
>Category: ports
>Synopsis: ports/sysutils/ezjail patch
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 22 16:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Julian H. Stacey
>Release: FreeBSD 9.1-RELEASE amd64
>Organization: http://www.berklix.com
>Environment:
System: FreeBSD lapr.js.berklix.net 9.1-RELEASE FreeBSD 9.1-RELEASE #3: Tue Apr 9 14:33:17 CEST 2013 jhs@lapr.js.berklix.net:/sys/amd64/compile/LAPR.small amd64
>Description:
patch to fix ports/sysutils/ezjail
Description private mailed to maintainer & S.O.
>How-To-Repeat:
>Fix:
How To Repeat private mailed to maintainer & S.O.

Patch appended, a later fix for more may appear at master copy:
http://www.berklix.com/~jhs/src/bsd/fixes/FreeBSD/ports/gen/sysutils/ezjail/files/patch-bb.REL=ALL

Applies to ports/sysutils/ezjail using ezjail-3.3 on current ports @ Mon Jul 22 15:53:40 CEST 2013

As well as applying the ports/ patch, it is recommended that administrators with prisons hosting jails within, that were created by ports/sysutils/ezjail should:

	cd /usr/jails ; chmod o-rwx * ; chmod o+rx basejail

(Administrators & users of jails do not need to do anything).

I suggest port Maintainer should also modify permissions with which /usr/jails/newjail gets installed (with an o-rwx), as those permissions get inherited by "ezjail-admin create" (& fixed by patch below).
(Sorry, no time to also do that currently, as about to travel) Explanatory notes privately mailed to: "Maintainer of ports/sysutils/ezjail" , & S O *** ezjail-admin.orig Mon Jul 22 14:47:30 2013 --- ezjail-admin Mon Jul 22 14:57:02 2013 *************** *** 645,650 **** --- 645,651 ---- newfs -U "/dev/${ezjail_device}" || detach_images || exerr "Error: Could not newfs /dev/${ezjail_device}." # Create mount point and mount mkdir -p "${ezjail_rootdir}" || detach_images || exerr "Error: Could not create jail root mount point ${ezjail_rootdir}." + chmod o-rwx ${ezjail_rootdir} mount "/dev/${ezjail_device}" "${ezjail_rootdir}" || detach_images || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}." else if [ -e "${ezjail_rootdir}" -a ! -d "${ezjail_rootdir}" ]; then *************** *** 660,665 **** --- 662,668 ---- ezjail_makeabsolute ezjail_fromarchive [ "${ezjail_fromarchive}" = "-" ] && unset ezjail_archive_opt || ezjail_archive_opt="-f ${ezjail_fromarchive}" mkdir -p "${ezjail_rootdir}" && cd "${ezjail_rootdir}" && pax -rz -pe ${ezjail_archive_opt} -s:^ezjail:.: ezjail/* + chmod o-rwx ${ezjail_rootdir} [ $? -eq 0 ] || detach_images || exerr "Error: Could not extract archive from ${ezjail_fromarchive}." elif [ -z "${ezjail_exists}" ]; then # now take a copy of our template jail *************** *** 671,676 **** --- 675,681 ---- /sbin/zfs destroy ${ezjail_jailzfs}/newjail@_createnewjailtmp else mkdir -p "${ezjail_rootdir}" && cd "${ezjail_jailtemplate}" && find . | cpio -p -v "${ezjail_rootdir}" > /dev/null + chmod o-rwx ${ezjail_rootdir} fi [ $? -eq 0 ] || detach_images || exerr "Error: Could not copy template jail." >Release-Note: >Audit-Trail: >Unformatted:
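Review bot: In the first hunk (newfs/mount path, around line 645) the added chmod o-rwx ${ezjail_rootdir} runs before the mount on the following line, so it changes the mode of the underlying mount point rather than the root directory of the freshly newfs'ed filesystem mounted over it; once mounted, the mode that applies is the one stored in the new filesystem's root. Move the chmod to after the mount line. It should also quote "${ezjail_rootdir}" like the mkdir line above it and carry the same || detach_images || exerr "..." failure handling as its neighbours.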
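Review bot: In the second hunk (archive extraction, around line 660) the chmod is inserted between the mkdir -p ... && cd ... && pax ... line and the [ $? -eq 0 ] test, so $? now holds the exit status of chmod and a failed pax extraction no longer reaches exerr "Error: Could not extract archive from ${ezjail_fromarchive}.". Chain it onto the pax line with && chmod o-rwx "${ezjail_rootdir}", or place it after the $? check with its own error handling.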
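Review bot: In the third hunk (template copy, around line 671) the chmod is added only in the else branch; the branch before it, which ends with /sbin/zfs destroy ${ezjail_jailzfs}/newjail@_createnewjailtmp, gets no chmod, so jails created through that path are not covered by this change. The added line also sits between the find . | cpio pipeline and the [ $? -eq 0 ] check after fi, so in this branch the check tests chmod rather than the copy. Apply the chmod once, after the fi and the $? check, with "${ezjail_rootdir}" quoted.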
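An added example, not part of the PR or of ezjail: a POSIX sh check that reports entries under the jails directory whose "other" permission bits differ from what the message recommends (o-rwx on every entry, o+rx on basejail). The function names and the usage line are assumptions for illustration; like the PR's chmod o-rwx *, the glob skips dot-entries.

```shell
#!/bin/sh
# Added example (not from the PR or ezjail): audit the "other" permission
# bits of each entry in a jails directory against the PR's recommendation.

# Print the three "other" permission characters of a path, e.g. "r-x".
# Columns 8-10 of the POSIX "ls -l" mode string are the "other" triplet.
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# audit_jails DIR: print one line per deviating entry; return 1 if any deviate.
audit_jails() {
    dir=$1
    bad=0
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue        # unmatched glob or dangling link
        name=${entry##*/}
        bits=$(other_bits "$entry")
        if [ "$name" = "basejail" ]; then
            # The PR re-adds o+rx on basejail after stripping everything.
            case $bits in
                r-[xt]) ;;
                *) echo "basejail: other=$bits (PR suggests r-x)"; bad=1 ;;
            esac
        else
            # Every other entry should have no "other" access at all.
            case $bits in
                ---|--T) ;;
                *) echo "$name: other=$bits (PR suggests ---)"; bad=1 ;;
            esac
        fi
    done
    return $bad
}

# Usage (path taken from the PR text): sh audit.sh /usr/jails
if [ $# -gt 0 ]; then
    audit_jails "$1"
fi
```

A non-zero exit status means at least one entry still deviates, which makes the function usable from a periodic job.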