authorcperciva <cperciva@FreeBSD.org>2005-02-08 21:31:11 +0000
committercperciva <cperciva@FreeBSD.org>2005-02-08 21:31:11 +0000
commit30beb7d8e4b1fdb77e1c6f609b79c8d9d2e387cf (patch)
tree0024f1770569c434b08f85294b067e0e7ad79755 /sys
parente64e9f38d4432ab314933f6b9faf86fa3c0c778f (diff)
Add a new sysctl, "security.jail.chflags_allowed", which controls the
behaviour of chflags within a jail. If set to 0 (the default), then a jailed root user is treated as an unprivileged user; if set to 1, then a jailed root user is treated the same as an unjailed root user. This is necessary to allow "make installworld" to work inside a jail, since it attempts to manipulate the system immutable flag on certain files. Discussed with: csjp, rwatson MFC after: 2 weeks
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/kern_jail.c5
-rw-r--r--sys/sys/jail.h1
-rw-r--r--sys/ufs/ufs/ufs_vnops.c13
3 files changed, 15 insertions, 4 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 7a8442e..28120fd 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -67,6 +67,11 @@ SYSCTL_INT(_security_jail, OID_AUTO, allow_raw_sockets, CTLFLAG_RW,
&jail_allow_raw_sockets, 0,
"Prison root can create raw sockets");
+int jail_chflags_allowed = 0;
+SYSCTL_INT(_security_jail, OID_AUTO, chflags_allowed, CTLFLAG_RW,
+ &jail_chflags_allowed, 0,
+ "Processes in jail can alter system file flags");
+
/* allprison, lastprid, and prisoncount are protected by allprison_mtx. */
struct prisonlist allprison;
struct mtx allprison_mtx;
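Review bot: The new `jail_chflags_allowed` knob is a single system-wide int, so setting it to 1 relaxes the chflags restriction for root in every jail on the host, not just the one running installworld; nothing in this hunk documents that scope. I would add a comment above the definition such as `/* Global, not per-jail: non-zero lets root in any jail change system file flags, subject to securelevel. */`. The description string is also broader than the behaviour described in the commit message, which applies only to a jailed root user; `"Prison root can alter system file flags"` would match the wording of the neighbouring allow_raw_sockets entry. Operators who enable this should treat host-set immutable or append-only flags on files reachable from a jail as no longer protective against that jail's root unless securelevel is raised.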
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index ee9b40f..b403b14 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -83,6 +83,7 @@ extern int jail_socket_unixiproute_only;
extern int jail_sysvipc_allowed;
extern int jail_getfsstat_jailrootonly;
extern int jail_allow_raw_sockets;
+extern int jail_chflags_allowed;
LIST_HEAD(prisonlist, prison);
extern struct prisonlist allprison;
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index baaffb5..37a3a41 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -61,6 +61,7 @@ __FBSDID("$FreeBSD$");
#include <sys/conf.h>
#include <sys/acl.h>
#include <sys/mac.h>
+#include <sys/jail.h>
#include <machine/mutex.h>
@@ -472,13 +473,17 @@ ufs_setattr(ap)
if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
return (error);
/*
- * Unprivileged processes and privileged processes in
- * jail() are not permitted to unset system flags, or
- * modify flags if any system flags are set.
+ * Unprivileged processes are not permitted to unset system
+ * flags, or modify flags if any system flags are set.
* Privileged non-jail processes may not modify system flags
* if securelevel > 0 and any existing system flags are set.
+ * Privileged jail processes behave like privileged non-jail
+ * processes if the security.jail.chflags_allowed sysctl is
+ * is non-zero; otherwise, they behave like unprivileged
+ * processes.
*/
- if (!suser_cred(cred, 0)) {
+ if (!suser_cred(cred,
+ jail_chflags_allowed ? SUSER_ALLOWJAIL : 0)) {
if (ip->i_flags
& (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
error = securelevel_gt(cred, 0);
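Review bot: With the sysctl non-zero, the only remaining barrier between jailed root and clearing SF_IMMUTABLE, SF_APPEND or SF_NOUNLINK is the `securelevel_gt(cred, 0)` call at the end of this hunk, and the rewritten comment does not spell that out for whoever enables the knob. I would add a sentence to the comment along the lines of `* With chflags_allowed set, securelevel is the sole guard on system flags for jailed root.`, and fix the doubled word where the comment wraps (`sysctl is` / `is non-zero`). How securelevel is evaluated for a jailed credential is not visible here, so that is worth confirming against securelevel_gt(). The change touches only ufs_setattr, whose body starts and continues outside the hunk; any other filesystem with its own flag check would presumably keep the old behaviour, which may be worth noting in the sysctl documentation.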