Date: Tue, 2 Nov 2004 14:13:42 +0200
From: Ruslan Ermilov
To: Oliver Lehmann
Cc: current@freebsd.org
Subject: Re: make world inside a jail

On Mon, Nov 01, 2004 at 09:29:32PM +0100, Oliver Lehmann wrote:
> Hi,
>
> today I played a bit with make world inside a jail, and got stuck with
> install -fschg - because setting the schg flag inside a jail is permitted.
> I removed at first all schg flags from outside the jail. Then I discovered
> the option NOFSCHG in share/mk/bsd.lib.mk and retried the build with make
> -DNOSCHG installworld.
> But I got now once more stuck because -fschg was hardcoded:
>
> --- libexec/rtld-elf/Makefile.orig Mon Nov 1 20:18:45 2004 > +++ libexec/rtld-elf/Makefile Mon Nov 1 20:19:10 2004 
> @@ -9,7 +9,11 @@ > CFLAGS+=3D -Wall -DFREEBSD_ELF -DIN_RTLD > CFLAGS+=3D -I${.CURDIR}/${MACHINE_ARCH} -I${.CURDIR} > LDFLAGS+=3D -nostdlib -e .rtld_start > +.if !defined(NOFSCHG) > INSTALLFLAGS=3D -fschg -C -b > +.else > +INSTALLFLAGS=3D -C -b > +.endif > BINDIR=3D /libexec > SYMLINKS=3D ${BINDIR}/${PROG} /usr/libexec/${PROG} > MLINKS=3D rtld.1 ld-elf.so.1.1 \
>
> and now I'm stuck once more with:
> ===> bin/rcp
> install -s -o root -g wheel -m 4555 -fschg rcp /bin
> install: /bin/rcp: Operation not permitted
>
> so I'm asking myself... maybe I'm doing sth. wrong? Is there another way
> to avoid setting the schg flag during installworld?
> I actually don't care about security for that jail. I just have sth. to test
> which I would preferably test within a jail and which requires make
> world's.
> I could submit a PR with a patch which adds a NOSCHG option around every
> -fschg assignment to INSTALLFLAGS if you want me to. But right now I'm
> just asking if there is something _I_ did wrong ;)
>

Try this:

    make installworld INSTALLFLAGS_EDIT=:N-fschg

Cheers,
-- 
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer
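
Review bot: The `.else` branch in the libexec/rtld-elf/Makefile hunk repeats `-C -b`, so the two INSTALLFLAGS assignments can drift apart; set `INSTALLFLAGS= -C -b` unconditionally and add `INSTALLFLAGS+= -fschg` inside `.if !defined(NOFSCHG)`. The guard tests NOFSCHG while the accompanying message runs the build with -DNOSCHG, so the knob name on the command line has to match the one tested here or the branch is never taken. Because the knob installs the run-time linker into /libexec without the system-immutable flag, a short comment above the `.if` saying when it is meant to be set (for example, installs inside a jail where chflags schg is refused) would help.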