On Sun, Sep 21, 2008 at 04:06:33PM -0700, Jason C. Wells wrote: > Jason C. Wells wrote: >> Jason C. Wells wrote: > >> I should add that 'systcl security.jail.chflags_allowed=1' allowed >> installworld to proceed without error. That solves my immediate >> problem. There appears to be a bug in the security mechanism. > > The reason there appeared to be a bug in the security mechanism is that > I performed (IIRC) chflags -noschg on libc as root on the host system > outside the jail. > > But for some reason 'install -S' was not safe. > > (outside the jail) > ~$ chflags noschg /usr/jails/cr/lib/libc.so.6 > > (inside the jail) > [EMAIL PROTECTED] /usr/src/lib/libc]# ls -lao /lib/libc.so.6 > -rwxr-xr-x 1 root wheel - 981331 Sep 21 15:57 /lib/libc.so.6 > > [EMAIL PROTECTED] /usr/src/lib/libc]# sysctl -a | grep secur > kern.securelevel: -1 > security.jail.chflags_allowed: 0 > > [EMAIL PROTECTED] /usr/src/lib/libc]# make install > install -C -o root -g wheel -m 444 libc.a /usr/lib > install -C -o root -g wheel -m 444 libc_p.a /usr/lib > install -s -o root -g wheel -m 444 -fschg -S libc.so.6 /lib > install: /lib/libc.so.6: chflags: Operation not permitted > *** Error code 71 > > Stop in /usr/src/lib/libc. > > [EMAIL PROTECTED] /usr/src/lib/libc]# ls -lao /lib/libc.so.6 > /libexec/ld-elf.so.1: Shared object "libc.so.6" not found, required by "ls" > [EMAIL PROTECTED] /usr/src/lib/libc]#
Please file a PR on this matter. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
