Date: Mon, 3 Dec 2012 11:55:51 -0800 (PST)
From: Ed Maste <emaste@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/174104: security.jail.param does not reflect actual jail perms
Message-ID: <201212031955.qB3JtpjU002612@bld91>
Resent-Message-ID: <201212041110.qB4BA0TS012205@freefall.freebsd.org>

>Number:         174104
>Category:       kern
>Synopsis:       security.jail.param does not reflect actual jail perms
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 04 11:10:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Ed Maste
>Release:        FreeBSD 9.1-RC3 amd64
>Organization:
ADARA Networks
>Environment:
System: FreeBSD bld91 9.1-RC3 FreeBSD 9.1-RC3 #0 r243630M: Mon Dec 3 10:44:36 PST 2012 root@bld91:/data/obj/data/freebsd-src/9.1/sys/GENERIC amd64
>Description:
I would expect security.jail.param.* to update inside the jail after using
jail -m on the host to change settings, but this does not appear to happen.
>How-To-Repeat:
# on the host, disallow chflags:
bld91# jail -m jid=2 allow.chflags=0

# in the jail, verify that chflags fails:
root@tinderbox:/root # sysctl security.jail.param.allow.chflags
security.jail.param.allow.chflags: 0
root@tinderbox:/root # touch foo
root@tinderbox:/root # chflags schg foo; chflags noschg foo
chflags: foo: Operation not permitted

# on the host, allow chflags:
bld91# jail -m jid=2 allow.chflags=1

# in the jail, chflags works but the sysctl still shows 0:
root@tinderbox:/root # sysctl security.jail.param.allow.chflags
security.jail.param.allow.chflags: 0
root@tinderbox:/root # chflags schg foo ; chflags noschg foo
root@tinderbox:/root #
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: