From owner-freebsd-current@FreeBSD.ORG Mon Nov 1 20:28:55 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A8DE16A4CE for ; Mon, 1 Nov 2004 20:28:55 +0000 (GMT) Received: from avocado.salatschuessel.net (avocado.salatschuessel.net [80.86.187.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8AFAA43D1D for ; Mon, 1 Nov 2004 20:28:54 +0000 (GMT) (envelope-from lehmann@ans-netz.de) Received: (qmail 62865 invoked from network); 1 Nov 2004 20:28:16 -0000 Received: from unknown (HELO kartoffel.salatschuessel.net) (80.86.187.43) by avocado.salatschuessel.net with SMTP; 1 Nov 2004 20:28:16 -0000 Date: Mon, 1 Nov 2004 21:29:32 +0100 From: Oliver Lehmann To: current@freebsd.org Message-Id: <20041101212932.2452ddf1.lehmann@ans-netz.de> X-Mailer: Sylpheed version 1.0.0beta1 (GTK+ 1.2.10; i386-portbld-freebsd4.10) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: make world inside a jail X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Nov 2004 20:28:55 -0000 Hi, today I played a bit with make world inside a jail, and get stuck with install -fschg - because setting the schg flag inside a jail is permitted. I removed at first all schg flags from outside the jail, Then I discovered the option NOFSCHG in share/mk/bsd.lib.mk and retried the build with make -DNOSCHG installworld. But I got now once more stuck because of -fschg was hardcoded: --- libexec/rtld-elf/Makefile.orig Mon Nov 1 20:18:45 2004 +++ libexec/rtld-elf/Makefile Mon Nov 1 20:19:10 2004 @@ -9,7 +9,11 @@ CFLAGS+= -Wall -DFREEBSD_ELF -DIN_RTLD CFLAGS+= -I${.CURDIR}/${MACHINE_ARCH} -I${.CURDIR} LDFLAGS+= -nostdlib -e .rtld_start +.if !defined(NOFSCHG) INSTALLFLAGS= -fschg -C -b +.else +INSTALLFLAGS= -C -b +.endif BINDIR= /libexec SYMLINKS= ${BINDIR}/${PROG} /usr/libexec/${PROG} MLINKS= rtld.1 ld-elf.so.1.1 \ and now I'm stuck once more with: ===> bin/rcp install -s -o root -g wheel -m 4555 -fschg rcp /bin install: /bin/rcp: Operation not permitted so I'm asking myself... maybe I'm doing sth. wrong? Is there an other way to avoid setting the schg flag during installworld? I actually don't care of security for that jail. I just have sth. to tast which I would preferably test within a jail and which requieres make world's. I could submit an pr with a patch which adds a NOSCHG option arround every -fschg assignment to INSTALLFLAGS if you want me to. But right now I'm just asking if there is something _I_ did wrong ;) -- Oliver Lehmann http://www.pofo.de/ http://wishlist.ans-netz.de/