Re: security.bsd.see_other_uids/gids and jails

From: <doug_at_safeport.com>
Date: Tue, 27 Aug 2024 17:14:32 UTC

On Tue, 27 Aug 2024, Dag-Erling Smørgrav wrote:

> doug@safeport.com writes:
>> If you did this command as root, your system is seriously messed up. I
>> did this on a 12.2 system running as 12.2 jail.
>
> This is neither relevant nor helpful.
>
> - 12.2 is four years old and no longer supported.
>
> - `security.bsd.see_other_uids` is not settable from within a jail and
>  never was (it does not, and never did, have the `CTLFLAG_PRISON`
>  flag), so if you successfully did this, it is _your_ system which is
>  "seriously messed up".
>
> - None of this answers the original question, which was whether it can
>  be changed on a per-jail basis, and the answer to that is no, it
>  applies equally to all users, jailed or unjailed.  Only nodes in the
>  `security.jail.param` subtree can be changed per-jail.
>
So a facility that worked in 12.2 was taken away in 14.1? It seems to also 
work on my 14.1 system. The question as I understood it was can this be 
done with different jails having different settings. That answer is yes. If 
I did not understand the question, my bad.