Date:      Sat, 09 Aug 2025 15:50:29 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 288751] chroot -n fails with "setgroups: Operation not permitted" when security.bsd.unprivileged_chroot=1
Message-ID:  <bug-288751-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288751

            Bug ID: 288751
           Summary: chroot -n fails with "setgroups: Operation not
                    permitted" when security.bsd.unprivileged_chroot=1
           Product: Base System
           Version: 15.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: beldin@beldin.org

Recent changes to chroot have resulted in chroot -n <path> failing compared to
previous cases.

The resulting error is:

chroot: setgroups: Operation not permitted

This appears to be caused by gids being set to a minimum of 1 (previously 0) at
line 150 of usr.sbin/chroot/chroot.c which then results in setgroups being
called at line 178 when previously a null grouplist would have caused gids to
be zero.

A suggested fix would be to change line 178 from:

    if (gids && setgroups(gids, gidlist) == -1)

to:

    if (grouplist != NULL && setgroups(gids, gidlist) == -1)

since previously setgroups was only called if grouplist was set via the -G
command line argument. (This maintains the recent change to fill the first
entry of gidlist with the egid).

This change solved the issue for me.

-- 
You are receiving this mail because:
You are the assignee for the bug.
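
The control flow described in the report, as an added C model (not the chroot.c source and not code from the reporter). `group_step`, `stub_setgroups` and the numeric-only `-G` parsing are assumptions for illustration; the stub always fails with EPERM to stand in for the unprivileged case.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define MAXG 16

static int setgroups_calls;     /* how often the stub was reached */

/* Stand-in for setgroups(2) in an unprivileged process: always EPERM. */
static int stub_setgroups(int n, const gid_t *list)
{
    (void)n; (void)list;
    setgroups_calls++;
    errno = EPERM;
    return -1;
}

/* Model of the group step. grouplist is the -G argument (numeric and comma
 * separated in this model) or NULL. fixed selects the check proposed in the
 * report. Returns 0 on success, -1 if setgroups was called and failed. */
static int group_step(const char *grouplist, int fixed)
{
    gid_t gidlist[MAXG];
    int gids = 1;               /* count starts at 1, never 0 */
    const char *p = grouplist;
    char *end;

    gidlist[0] = getegid();     /* first entry is always the egid */
    while (p != NULL && *p != '\0' && gids < MAXG) {
        unsigned long g = strtoul(p, &end, 10);
        if (end == p)
            break;              /* not a number: stop parsing */
        gidlist[gids++] = (gid_t)g;
        p = (*end == ',') ? end + 1 : end;
    }
    /* Old check: gids != 0, always true now. Fixed check: only with -G. */
    if (fixed ? grouplist != NULL : gids != 0)
        return stub_setgroups(gids, gidlist);
    return 0;
}

int main(void)
{
    printf("no -G, old check:   %d\n", group_step(NULL, 0));
    printf("no -G, fixed check: %d\n", group_step(NULL, 1));
    printf("-G 5,  fixed check: %d\n", group_step("5", 1));
    return 0;
}
```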