Date: Tue, 8 Feb 2005 22:50:41 +0100 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Colin Percival <cperciva@FreeBSD.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_jail.c src/sys/sys jail.h src/sys/ufs/ufs ufs_vnops.c src/usr.sbin/jail jail.8 Message-ID: <20050208215041.GP1080@darkness.comp.waw.pl> In-Reply-To: <200502082131.j18LVBBd031393@repoman.freebsd.org> References: <200502082131.j18LVBBd031393@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--+nG9yj4eE4W6Oba0 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 08, 2005 at 09:31:11PM +0000, Colin Percival wrote: +> cperciva 2005-02-08 21:31:11 UTC +>=20 +> FreeBSD src repository +>=20 +> Modified files: +> sys/kern kern_jail.c=20 +> sys/sys jail.h=20 +> sys/ufs/ufs ufs_vnops.c=20 +> usr.sbin/jail jail.8=20 +> Log: +> Add a new sysctl, "security.jail.chflags_allowed", which controls the +> behaviour of chflags within a jail. If set to 0 (the default), then a +> jailed root user is treated as an unprivileged user; if set to 1, then +> a jailed root user is treated the same as an unjailed root user. +> =20 +> This is necessary to allow "make installworld" to work inside a jail, +> since it attempts to manipulate the system immutable flag on certain +> files. More than that. It should be allowed in the future by default and this behaviour should be controlled by jail's securelevel. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --+nG9yj4eE4W6Oba0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFCCTQxForvXbEpPzQRAoBpAJ96CRpJ50ouDblplrkBYxbgQozVoQCePSLO 5/0gMGxu7JnzUoB2VvFjejg= =MhJQ -----END PGP SIGNATURE----- --+nG9yj4eE4W6Oba0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050208215041.GP1080>