author | cperciva <cperciva@FreeBSD.org> | 2005-02-08 21:31:11 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2005-02-08 21:31:11 +0000 |
commit | 30beb7d8e4b1fdb77e1c6f609b79c8d9d2e387cf (patch) | |
tree | 0024f1770569c434b08f85294b067e0e7ad79755 /sys/ufs | |
parent | e64e9f38d4432ab314933f6b9faf86fa3c0c778f (diff) | |
Add a new sysctl, "security.jail.chflags_allowed", which controls the
behaviour of chflags within a jail. If set to 0 (the default), then a
jailed root user is treated as an unprivileged user; if set to 1, then
a jailed root user is treated the same as an unjailed root user.
This is necessary to allow "make installworld" to work inside a jail,
since it attempts to manipulate the system immutable flag on certain
files.
Discussed with: csjp, rwatson
MFC after: 2 weeks
Diffstat (limited to 'sys/ufs')
-rw-r--r-- | sys/ufs/ufs/ufs_vnops.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index baaffb5..37a3a41 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -61,6 +61,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/conf.h>
 #include <sys/acl.h>
 #include <sys/mac.h>
+#include <sys/jail.h>
 #include <machine/mutex.h>
@@ -472,13 +473,17 @@ ufs_setattr(ap)
 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
 return (error);
 /*
- * Unprivileged processes and privileged processes in
- * jail() are not permitted to unset system flags, or
- * modify flags if any system flags are set.
+ * Unprivileged processes are not permitted to unset system
+ * flags, or modify flags if any system flags are set.
 * Privileged non-jail processes may not modify system flags
 * if securelevel > 0 and any existing system flags are set.
+ * Privileged jail processes behave like privileged non-jail
+ * processes if the security.jail.chflags_allowed sysctl is
+ * is non-zero; otherwise, they behave like unprivileged
+ * processes.
 */
- if (!suser_cred(cred, 0)) {
+ if (!suser_cred(cred,
+ jail_chflags_allowed ? SUSER_ALLOWJAIL : 0)) {
 if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
 error = securelevel_gt(cred, 0); |
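Review bot: The rewritten comment in the second hunk (ufs_setattr) has a doubled word (`sysctl is` followed by `is non-zero`) and does not state the scope of the new knob. `jail_chflags_allowed` is read here as one plain global rather than anything taken from the credential's jail, so enabling it for a single jail that needs installworld appears to give root in every jail the unjailed chflags path. Once it is set, the only check visible in this hunk that still guards SF_NOUNLINK, SF_IMMUTABLE and SF_APPEND is `securelevel_gt(cred, 0)`. I would fix the typo and add a line such as `* The sysctl is global to all jails; when it is set, securelevel is the only remaining protection for system flags.` ufs_setattr's body starts and ends outside the hunk.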