Re: security.bsd.see_other_uids/gids and jails

From: <doug_at_safeport.com>
Date: Sat, 24 Aug 2024 17:30:37 UTC

On Sat, 24 Aug 2024, Andrea Venturoli wrote:

> On 8/24/24 01:58, doug@safeport.com wrote:
>
>> These setting can be changed in a running jail. See sysctl.
>
> Thanks, but this does not seem to work.
>
> root@myhost:~ # freebsd-version -ku
> 13.3-RELEASE-p5
> 13.3-RELEASE-p5
> root@myhost:~ # sysctl security.bsd.see_other_uids=0
> security.bsd.see_other_uids: 0 -> 0
> root@myhost:~ # ezjail-admin console myjail
> root@myjail:~ # sysctl security.bsd.see_other_uids=1
> security.bsd.see_other_uids: 0
> sysctl: security.bsd.see_other_uids=1: Operation not permitted
>
>
>
> Is a newer version of FreeBSD required?
> Some jail settings?
> Something else?
>
If you did this command as root, your system is seriously messed up. I did 
this on a 12.2 system runing as 12.2 jail.