From nobody Tue Aug 27 17:14:32 2024 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WtZ0d2QpRz52VB4 for ; Tue, 27 Aug 2024 17:14:41 +0000 (UTC) (envelope-from doug@safeport.com) Received: from fledge.watson.org (fledge.watson.org [147.160.157.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "A1-48603", Issuer "A1-48603" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WtZ0d0YRlz4Rv7; Tue, 27 Aug 2024 17:14:41 +0000 (UTC) (envelope-from doug@safeport.com) Authentication-Results: mx1.freebsd.org; none Received: from fledge.watson.org (doug@localhost [127.0.0.1]) by fledge.watson.org (8.17.1/8.17.1) with ESMTPS id 47RHEYj6056122 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 27 Aug 2024 17:14:34 GMT (envelope-from doug@safeport.com) Received: from localhost (doug@localhost) by fledge.watson.org (8.17.1/8.17.1/Submit) with ESMTP id 47RHEWmT056115; Tue, 27 Aug 2024 17:14:32 GMT (envelope-from doug@safeport.com) X-Authentication-Warning: fledge.watson.org: doug owned process doing -bs Date: Tue, 27 Aug 2024 17:14:32 +0000 (UTC) From: doug@safeport.com Reply-To: doug@fledge.watson.org To: =?ISO-8859-15?Q?Dag-Erling_Sm=F8rgrav?= cc: Andrea Venturoli , freebsd-questions@freebsd.org Subject: Re: security.bsd.see_other_uids/gids and jails In-Reply-To: <86jzg23q61.fsf@ltc.des.dev> Message-ID: References: <902826c1-fc50-48aa-867d-8010b5814df2@netfence.it> <61ed9412-563-a5f-a3c0-66ff23cb5ac4@safeport.com> <0fe260da-43ff-4c14-9807-7b81cec37c83@netfence.it> <86jzg23q61.fsf@ltc.des.dev> List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:6405, ipnet:147.160.157.0/24, country:US] X-Rspamd-Queue-Id: 4WtZ0d0YRlz4Rv7 On Tue, 27 Aug 2024, Dag-Erling Sm?rgrav wrote: > doug@safeport.com writes: >> If you did this command as root, your system is seriously messed up. I >> did this on a 12.2 system runing as 12.2 jail. > > This is neither relevant nor helpful. > > - 12.2 is four years old and no longer supported. > > - `security.bsd.see_other_uids` is not settable from within a jail and > never was (it does not, and never did, have the `CTLFLAG_PRISON` > flag), so if you successfully did this, it is _your_ system which is > ?seriously messed up?. > > - None of this answers the original question, which was whether it can > be changed on a per-jail basis, and the answer to that is no, it > applies equally to all users, jailed or unjailed. Only nodes in the > `security.jail.param` subtree can be changed per-jail. > So a facility that worked in 12.2 was taken away in 14.1? It seems to also work on my 14.1 system. The question as I understood it was can this be done with different jails having different setting. That answer is yes. If I did not understand the question, my bad.