Date: Thu, 10 Oct 2013 15:18:24 +0300 From: Sami Halabi <sodynet1@gmail.com> To: Mark Felder <feld@freebsd.org> Cc: freebsd-jail@freebsd.org Subject: Re: /lib/libc.so.7 unsupported file format Message-ID: <CAEW%2BogbA6UAw3X6f0ydjxMd-hcqr7Myf%2B3HjFv9gsf7uKP59CQ@mail.gmail.com> In-Reply-To: <1381406813.7807.32351005.62A30408@webmail.messagingengine.com> References: <CAEW%2BogaW2VVb%2Bba_rydM9rtTpG_AqaJqTbPJz5Y7rOeoD%2B3coQ@mail.gmail.com> <1381404913.25836.32340457.0EA543A2@webmail.messagingengine.com> <CAEW%2Boga28yB=i1eBbY8RyVCgsWigjxfNmH=oGX%2BSstuzrZPwkA@mail.gmail.com> <1381406101.2271.32347133.46E044A4@webmail.messagingengine.com> <CAEW%2BogacYBMVQ1kN=qjScCfrkJZiTNc-nRYZ_01d7g--JKGEXw@mail.gmail.com> <1381406813.7807.32351005.62A30408@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
# sysctl security.jail.param.allow.chflags=1
security.jail.param.allow.chflags: 0 -> 0
the sysctl is not working, maybe it should be set on /boot/loder.conf
what i did is the following:
1. inside the jail
a. i renamed /bin/chflags to /bin/chfalgs-old
b. created /bin/chflags with the following:
#!/bin/csh -f
echo sami > /dev/null
2. a freebsd-update install in the jail yeilds installing the updates with
errors on /lib/libc.so.7 & /usr/bin/login
3. i did freebsd-update rollback
4. in the host i did:
a. chflags noschg /usr/jails/sami/lib/libc.so.7
b. chflags noschg /usr/jails/sami/usr/bin/login
5. in the jail i did:
a. freebsd-update fetch
b. freebsd-update install
6. in the host i did:
a. chflags schg /usr/jails/sami/lib/libc.so.7
b. chflags schg /usr/jails/sami/usr/bin/login
7. inside the jail
a. removed /bin/chflags
b. i renamed /bin/chflags-old to /bin/chfalgs
Worked for me.
Thanks for trying to hel pme,
Sami
On Thu, Oct 10, 2013 at 3:06 PM, Mark Felder <feld@freebsd.org> wrote:
> On Thu, Oct 10, 2013, at 7:03, Sami Halabi wrote:
> > Hi,
> > thanks for replying me so fast.
> >
> > what i ment is:
> > 1. in the jail (32 bit) to do:
> > freebsd-update fetch
> >
> > # ls /var/db/freebsd-update/
> > ./
> > ../
> > f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-install@
> > filelist
> > files/
> > install.TggE71/
> > pub.ssl
> > serverlist
> > serverlist_full
> > serverlist_tried
> > tINDEX.present
> > tag
> > root@sami:/ #
> >
> > root@sami:/ # more /var/db/freebsd-update/tag
> >
> freebsd-update|i386|9.1-RELEASE|7|b3924864da0e125ff57d2f9894347dbc0e130ae32a0647126d5109dbc099981e|1420070400
> > root@sami:/ #
> >
> > 2. since inside the jail:
> > root@sami:/ # freebsd-update install
> > Installing updates...chflags: ///lib/libc.so.7: Operation not permitted
> > root@sami:/ #
> >
> > not working because of chflags (maybe there is a sysctl that will allow a
> > jail to chflags??)
> >
> > i thought that maybe there is some way to do it from outside the jail.
> >
> > unfortunattly doing simple:
> > root@6:/root # freebsd-update -b /usr/jails/sami -d
> > /usr/jails/sami/var/db/freebsd-update/ install
> > No updates are available to install.
> > Run '/usr/sbin/freebsd-update fetch' first.
> > root@6:/root #
> >
> > i thought if there is some way to interpret the data and installing using
> > the host (maybe manually somehow...), or even changing the chflags inside
> > the jail to an executable that return success no matter what...
> >
>
> There is a sysctl for chflags:
>
> security.jail.param.allow.chflags
>
> and you can check if you have that access from within the jail via:
>
> security.jail.chflags_allowed
>
> I have not tried to do what you're attempting before simply because I've
> very rarely run 32bit jails on 64bit hosts. Hopefully this gets you in
> the right direction.
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
>
--
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEW%2BogbA6UAw3X6f0ydjxMd-hcqr7Myf%2B3HjFv9gsf7uKP59CQ>