Re: security.bsd.see_other_uids/gids and jails
Date: Tue, 27 Aug 2024 17:14:32 UTC
On Tue, 27 Aug 2024, Dag-Erling Sm?rgrav wrote: > doug@safeport.com writes: >> If you did this command as root, your system is seriously messed up. I >> did this on a 12.2 system runing as 12.2 jail. > > This is neither relevant nor helpful. > > - 12.2 is four years old and no longer supported. > > - `security.bsd.see_other_uids` is not settable from within a jail and > never was (it does not, and never did, have the `CTLFLAG_PRISON` > flag), so if you successfully did this, it is _your_ system which is > ?seriously messed up?. > > - None of this answers the original question, which was whether it can > be changed on a per-jail basis, and the answer to that is no, it > applies equally to all users, jailed or unjailed. Only nodes in the > `security.jail.param` subtree can be changed per-jail. > So a facility that worked in 12.2 was taken away in 14.1? It seems to also work on my 14.1 system. The question as I understood it was can this be done with different jails having different setting. That answer is yes. If I did not understand the question, my bad.