Date: Mon, 1 Nov 2004 21:29:32 +0100 From: Oliver Lehmann <lehmann@ans-netz.de> To: current@freebsd.org Subject: make world inside a jail Message-ID: <20041101212932.2452ddf1.lehmann@ans-netz.de>
next in thread | raw e-mail | index | archive | help
Hi,
today I played a bit with make world inside a jail, and get stuck with
install -fschg - because setting the schg flag inside a jail is permitted.
I removed at first all schg flags from outside the jail, Then I discovered
the option NOFSCHG in share/mk/bsd.lib.mk and retried the build with make
-DNOSCHG installworld.
But I got now once more stuck because of -fschg was hardcoded:
--- libexec/rtld-elf/Makefile.orig Mon Nov 1 20:18:45 2004
+++ libexec/rtld-elf/Makefile Mon Nov 1 20:19:10 2004
@@ -9,7 +9,11 @@
CFLAGS+= -Wall -DFREEBSD_ELF -DIN_RTLD
CFLAGS+= -I${.CURDIR}/${MACHINE_ARCH} -I${.CURDIR}
LDFLAGS+= -nostdlib -e .rtld_start
+.if !defined(NOFSCHG)
INSTALLFLAGS= -fschg -C -b
+.else
+INSTALLFLAGS= -C -b
+.endif
BINDIR= /libexec
SYMLINKS= ${BINDIR}/${PROG} /usr/libexec/${PROG}
MLINKS= rtld.1 ld-elf.so.1.1 \
and now I'm stuck once more with:
===> bin/rcp
install -s -o root -g wheel -m 4555 -fschg rcp /bin
install: /bin/rcp: Operation not permitted
so I'm asking myself... maybe I'm doing sth. wrong? Is there an other way
to avoid setting the schg flag during installworld?
I actually don't care of security for that jail. I just have sth. to tast
which I would preferably test within a jail and which requieres make
world's.
I could submit an pr with a patch which adds a NOSCHG option arround every
-fschg assignment to INSTALLFLAGS if you want me to. But right now I'm
just asking if there is something _I_ did wrong ;)
--
Oliver Lehmann
http://www.pofo.de/
http://wishlist.ans-netz.de/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041101212932.2452ddf1.lehmann>