Re: security.bsd.see_other_uids/gids and jails

Reply: doug_a_safeport.com: "Re: security.bsd.see_other_uids/gids and jails"
In reply to: doug_a_safeport.com: "Re: security.bsd.see_other_uids/gids and jails"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Dag-Erling_Smørgrav <des_at_FreeBSD.org>
Date: Tue, 27 Aug 2024 16:07:34 UTC

doug@safeport.com writes:
> If you did this command as root, your system is seriously messed up. I
> did this on a 12.2 system runing as 12.2 jail.

This is neither relevant nor helpful.

- 12.2 is four years old and no longer supported.

- `security.bsd.see_other_uids` is not settable from within a jail and
  never was (it does not, and never did, have the `CTLFLAG_PRISON`
  flag), so if you successfully did this, it is _your_ system which is
  “seriously messed up”.

- None of this answers the original question, which was whether it can
  be changed on a per-jail basis, and the answer to that is no, it
  applies equally to all users, jailed or unjailed.  Only nodes in the
  `security.jail.param` subtree can be changed per-jail.

DES
-- 
Dag-Erling Smørgrav - des@FreeBSD.org