cvs commit: src/sys/kern kern_jail.c src/sys/sys jail.h src/sys/ufs/ufs ufs_vnops.c src/usr.sbin/jail jail.8
Colin Percival
cperciva at freebsd.org
Wed Feb 9 17:24:34 GMT 2005
Pawel Jakub Dawidek wrote:
> On Tue, Feb 08, 2005 at 09:31:11PM +0000, Colin Percival wrote:
> +> Add a new sysctl, "security.jail.chflags_allowed", which controls the
> +> behaviour of chflags within a jail. If set to 0 (the default), then a
> +> jailed root user is treated as an unprivileged user; if set to 1, then
> +> a jailed root user is treated the same as an unjailed root user.
>
> More than that. It should be allowed in the future by default
Don't you think it's better to err on the side of security? There
are certainly times when allowing a jailed user to manipulate system
file flags could cause (non-obvious) problems, while any failure
caused by an inability to set these flags will be immediately obvious.
Also, I'm planning on MFCing this to RELENG_5, and we definitely don't
want the default behaviour to change there.
> and this
> behaviour should be controlled by jail's securelevel.
Right now with security.jail.chflags_allowed=1, the usual securelevel
restrictions apply based on both the host and jail securelevel. Is
this what you meant?
Colin Percival
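
A user-space model of the behaviour discussed in this message, added here as an illustration; it is not the committed kernel code. The struct names and model_chflags are hypothetical, the flag masks are those in FreeBSD's <sys/stat.h>, and the unprivileged branch assumes the usual UFS rule that a non-root caller may change only user flags and may not modify a file carrying SF_IMMUTABLE, SF_APPEND or SF_NOUNLINK.

```c
#include <errno.h>
#include <stdint.h>

/* Flag masks as defined in FreeBSD's <sys/stat.h>. */
#define UF_SETTABLE  0x0000ffffu  /* flags the file owner may change */
#define UF_NODUMP    0x00000001u
#define SF_SETTABLE  0xffff0000u  /* flags only the superuser may change */
#define SF_IMMUTABLE 0x00020000u
#define SF_APPEND    0x00040000u
#define SF_NOUNLINK  0x00100000u
#define SF_PROTECTED (SF_IMMUTABLE | SF_APPEND | SF_NOUNLINK)

/* Hypothetical model types (not kernel structures); the caller is uid 0. */
struct caller { int jailed; int jail_securelevel; };
struct host   { int chflags_allowed; /* security.jail.chflags_allowed */
                int securelevel; };

/* Assumption: a jailed caller sees the higher of host and jail securelevel. */
static int effective_securelevel(const struct host *h, const struct caller *c)
{
    if (c->jailed && c->jail_securelevel > h->securelevel)
        return c->jail_securelevel;
    return h->securelevel;
}

/* Returns 0 and updates *flags, or EPERM and leaves *flags unchanged. */
int model_chflags(const struct host *h, const struct caller *c,
                  uint32_t *flags, uint32_t wanted)
{
    /* With the sysctl at 0, jailed root takes the unprivileged path. */
    int privileged = !c->jailed || h->chflags_allowed;

    if (privileged) {
        /* Root path: only the securelevel protects system flags. */
        if ((*flags & SF_PROTECTED) && effective_securelevel(h, c) > 0)
            return EPERM;
        *flags = wanted;
        return 0;
    }
    /* Unprivileged path: protected files and system flags are off limits. */
    if ((*flags & SF_PROTECTED) || (wanted & UF_SETTABLE) != wanted)
        return EPERM;
    *flags = (*flags & SF_SETTABLE) | (wanted & UF_SETTABLE);
    return 0;
}
```
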