From owner-freebsd-jail@FreeBSD.ORG Thu Oct 10 12:18:25 2013 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 94F32844; Thu, 10 Oct 2013 12:18:25 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mail-pa0-x22c.google.com (mail-pa0-x22c.google.com [IPv6:2607:f8b0:400e:c03::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6732226D1; Thu, 10 Oct 2013 12:18:25 +0000 (UTC) Received: by mail-pa0-f44.google.com with SMTP id lf10so2620722pab.31 for ; Thu, 10 Oct 2013 05:18:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=0zgFPxcdP7q3mcKCvez4wRRwlNjZ0+uXstuFnVrbBcA=; b=U8bRsMZdlymnn5BIE+dyegSNzq2eBz1sHTuumNbppJ3hnrE7uawrKHbheYHd7i1B5+ axleij0DX2N4K1VVY2a11+Yua3RzPXynbfTOETJnJzV+HoLMMXy8LO0dulAiY4DYEYCs hazS18Jpo9pBVTYKskk3R531TJmjwKHEl7Tm32CSMnVfzvh7QPHQTuM8n6nrMO8+udZo cgTtCGoF/wkHkmjaZJ7zdhlpkHNgYPWSIa65JcHwCPYPig66ORuALn2mhj3L82oLvo9i 2cmoMRKn8SRL9EbHzTL5YtyZu8nNb12zTGH2RnNumJ7zm4j0eop4F2OLBrUIEUk12RKI tXPQ== MIME-Version: 1.0 X-Received: by 10.66.196.168 with SMTP id in8mr15015172pac.18.1381407504470; Thu, 10 Oct 2013 05:18:24 -0700 (PDT) Received: by 10.70.30.98 with HTTP; Thu, 10 Oct 2013 05:18:24 -0700 (PDT) In-Reply-To: <1381406813.7807.32351005.62A30408@webmail.messagingengine.com> References: <1381404913.25836.32340457.0EA543A2@webmail.messagingengine.com> <1381406101.2271.32347133.46E044A4@webmail.messagingengine.com> <1381406813.7807.32351005.62A30408@webmail.messagingengine.com> Date: Thu, 10 Oct 2013 15:18:24 +0300 Message-ID: Subject: Re: /lib/libc.so.7 unsupported file format From: Sami Halabi To: Mark Felder Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Oct 2013 12:18:25 -0000 Hi, # sysctl security.jail.param.allow.chflags=1 security.jail.param.allow.chflags: 0 -> 0 the sysctl is not working, maybe it should be set on /boot/loder.conf what i did is the following: 1. inside the jail a. i renamed /bin/chflags to /bin/chfalgs-old b. created /bin/chflags with the following: #!/bin/csh -f echo sami > /dev/null 2. a freebsd-update install in the jail yeilds installing the updates with errors on /lib/libc.so.7 & /usr/bin/login 3. i did freebsd-update rollback 4. in the host i did: a. chflags noschg /usr/jails/sami/lib/libc.so.7 b. chflags noschg /usr/jails/sami/usr/bin/login 5. in the jail i did: a. freebsd-update fetch b. freebsd-update install 6. in the host i did: a. chflags schg /usr/jails/sami/lib/libc.so.7 b. chflags schg /usr/jails/sami/usr/bin/login 7. inside the jail a. removed /bin/chflags b. i renamed /bin/chflags-old to /bin/chfalgs Worked for me. Thanks for trying to hel pme, Sami On Thu, Oct 10, 2013 at 3:06 PM, Mark Felder wrote: > On Thu, Oct 10, 2013, at 7:03, Sami Halabi wrote: > > Hi, > > thanks for replying me so fast. > > > > what i ment is: > > 1. in the jail (32 bit) to do: > > freebsd-update fetch > > > > # ls /var/db/freebsd-update/ > > ./ > > ../ > > f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-install@ > > filelist > > files/ > > install.TggE71/ > > pub.ssl > > serverlist > > serverlist_full > > serverlist_tried > > tINDEX.present > > tag > > root@sami:/ # > > > > root@sami:/ # more /var/db/freebsd-update/tag > > > freebsd-update|i386|9.1-RELEASE|7|b3924864da0e125ff57d2f9894347dbc0e130ae32a0647126d5109dbc099981e|1420070400 > > root@sami:/ # > > > > 2. since inside the jail: > > root@sami:/ # freebsd-update install > > Installing updates...chflags: ///lib/libc.so.7: Operation not permitted > > root@sami:/ # > > > > not working because of chflags (maybe there is a sysctl that will allow a > > jail to chflags??) > > > > i thought that maybe there is some way to do it from outside the jail. > > > > unfortunattly doing simple: > > root@6:/root # freebsd-update -b /usr/jails/sami -d > > /usr/jails/sami/var/db/freebsd-update/ install > > No updates are available to install. > > Run '/usr/sbin/freebsd-update fetch' first. > > root@6:/root # > > > > i thought if there is some way to interpret the data and installing using > > the host (maybe manually somehow...), or even changing the chflags inside > > the jail to an executable that return success no matter what... > > > > There is a sysctl for chflags: > > security.jail.param.allow.chflags > > and you can check if you have that access from within the jail via: > > security.jail.chflags_allowed > > I have not tried to do what you're attempting before simply because I've > very rarely run 32bit jails on 64bit hosts. Hopefully this gets you in > the right direction. > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert