Hi,
# sysctl security.jail.param.allow.chflags=1
security.jail.param.allow.chflags: 0 -> 0
the sysctl is not working, maybe it should be set on /boot/loder.conf
what i did is the following:
1. inside the jail
a. i renamed /bin/chflags to /bin/chfalgs-old
b. created /bin/chflags with the following:
#!/bin/csh -f
echo sami > /dev/null
2. a freebsd-update install in the jail yeilds installing the updates with
errors on /lib/libc.so.7 & /usr/bin/login
3. i did freebsd-update rollback
4. in the host i did:
a. chflags noschg /usr/jails/sami/lib/libc.so.7
b. chflags noschg /usr/jails/sami/usr/bin/login
5. in the jail i did:
a. freebsd-update fetch
b. freebsd-update install
6. in the host i did:
a. chflags schg /usr/jails/sami/lib/libc.so.7
b. chflags schg /usr/jails/sami/usr/bin/login
7. inside the jail
a. removed /bin/chflags
b. i renamed /bin/chflags-old to /bin/chfalgs
Worked for me.
Thanks for trying to hel pme,
Sami
On Thu, Oct 10, 2013 at 3:06 PM, Mark Felder <f...@freebsd.org> wrote:
> On Thu, Oct 10, 2013, at 7:03, Sami Halabi wrote:
> > Hi,
> > thanks for replying me so fast.
> >
> > what i ment is:
> > 1. in the jail (32 bit) to do:
> > freebsd-update fetch
> >
> > # ls /var/db/freebsd-update/
> > ./
> > ../
> > f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-install@
> > filelist
> > files/
> > install.TggE71/
> > pub.ssl
> > serverlist
> > serverlist_full
> > serverlist_tried
> > tINDEX.present
> > tag
> > root@sami:/ #
> >
> > root@sami:/ # more /var/db/freebsd-update/tag
> >
> freebsd-update|i386|9.1-RELEASE|7|b3924864da0e125ff57d2f9894347dbc0e130ae32a0647126d5109dbc099981e|1420070400
> > root@sami:/ #
> >
> > 2. since inside the jail:
> > root@sami:/ # freebsd-update install
> > Installing updates...chflags: ///lib/libc.so.7: Operation not permitted
> > root@sami:/ #
> >
> > not working because of chflags (maybe there is a sysctl that will allow a
> > jail to chflags??)
> >
> > i thought that maybe there is some way to do it from outside the jail.
> >
> > unfortunattly doing simple:
> > root@6:/root # freebsd-update -b /usr/jails/sami -d
> > /usr/jails/sami/var/db/freebsd-update/ install
> > No updates are available to install.
> > Run '/usr/sbin/freebsd-update fetch' first.
> > root@6:/root #
> >
> > i thought if there is some way to interpret the data and installing using
> > the host (maybe manually somehow...), or even changing the chflags inside
> > the jail to an executable that return success no matter what...
> >
>
> There is a sysctl for chflags:
>
> security.jail.param.allow.chflags
>
> and you can check if you have that access from within the jail via:
>
> security.jail.chflags_allowed
>
> I have not tried to do what you're attempting before simply because I've
> very rarely run 32bit jails on 64bit hosts. Hopefully this gets you in
> the right direction.
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>
--
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert
_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
