From owner-freebsd-stable@freebsd.org Tue Apr 24 14:45:07 2018 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 360F3FA7CCA for ; Tue, 24 Apr 2018 14:45:07 +0000 (UTC) (envelope-from darius@dons.net.au) Received: from ipmail02.adl2.internode.on.net (ipmail02.adl2.internode.on.net [150.101.137.139]) by mx1.freebsd.org (Postfix) with ESMTP id 55A5376877 for ; Tue, 24 Apr 2018 14:45:05 +0000 (UTC) (envelope-from darius@dons.net.au) Received: from ppp121-45-17-192.bras1.adl4.internode.on.net (HELO midget.dons.net.au) ([121.45.17.192]) by ipmail02.adl2.internode.on.net with ESMTP; 25 Apr 2018 00:15:03 +0930 Received: from midget.dons.net.au (localhost [127.0.0.1]) by midget.dons.net.au (8.15.1/8.14.9) with ESMTPS id w3OEiYLU064065 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 25 Apr 2018 00:14:59 +0930 (CST) (envelope-from darius@dons.net.au) Received: (from mailnull@localhost) by midget.dons.net.au (8.15.1/8.14.9/Submit) id w3OEFFp0046868 for ; Tue, 24 Apr 2018 23:45:15 +0930 (CST) (envelope-from darius@dons.net.au) X-Authentication-Warning: midget.dons.net.au: mailnull set sender to using -f Received: from [10.0.2.26] ([10.0.2.26]) by ns.dons.net.au (envelope-sender ) (MIMEDefang) with ESMTP id w3OEF9Hq046694; Tue, 24 Apr 2018 23:45:15 +0930 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\)) Subject: Re: What should do in chrooted environment? From: "O'Connor, Daniel" In-Reply-To: <5bfcd662-629c-43f0-0471-141cf6881a1f@gmail.com> Date: Tue, 24 Apr 2018 23:45:08 +0930 Cc: Glen Barber , krad , KIRIYAMA Kazuhiko , freebsd-stable Content-Transfer-Encoding: quoted-printable Message-Id: <084EA8AE-1228-493E-AD15-DFDE56F056AB@dons.net.au> References: <201804232228.w3NMS6UW042861@kx.openedu.org> <20180423224408.GC56778@FreeBSD.org> <20180424132452.GB70329@FreeBSD.org> <5bfcd662-629c-43f0-0471-141cf6881a1f@gmail.com> To: Marc Branchaud X-Mailer: Apple Mail (2.3445.6.18) X-Spam-Score: -1 () No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.0 X-Scanned-By: MIMEDefang 2.75 on 10.0.2.1 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Apr 2018 14:45:07 -0000 > On 24 Apr 2018, at 23:39, Marc Branchaud wrote: > On 2018-04-24 09:24 AM, Glen Barber wrote: >> There are additional nits regarding jail(8) that chroot(8) does not = have >> the same limitations. Setting/unsetting the immutable flag on = something >> like /sbin/init, for example, comes to mind. >=20 > Try > allow.chflags > in your jail.conf. I assume that this also isn't checked by the build so you end up wasting = some time as well (but probably only in installworld) I don't see an argument against doing some quick sanity checks before = starting a run (be it buildworld, installworld or whatever). -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C