Add a new sysctl, "security.jail.chflags_allowed", which controls the

behaviour of chflags within a jail.  If set to 0 (the default), then a
jailed root user is treated as an unprivileged user; if set to 1, then
a jailed root user is treated the same as an unjailed root user.

This is necessary to allow "make installworld" to work inside a jail,
since it attempts to manipulate the system immutable flag on certain
files.

Discussed with:	csjp, rwatson
MFC after:	2 weeks

1 files changed, 9 insertions, 0 deletions

diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 1a75f31..f7c5198 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -497,6 +497,15 @@ within a jail would be able to communicate with (and potentially interfere
 with) processes outside of the jail, and in other jails.
 As such, this functionality is disabled by default, but can be enabled
 by setting this MIB entry to 1.
+.It Va security.jail.chflags_allowed
+This MIB entry determines how a privileged user inside a jail will be 
+treated by
+.Xr chflags 2 .
+If zero, such users are treated as unprivileged, and are unable to set
+or clear system file flags; if non-zero, such users are treated as 
+privileged, and may manipulate system file flags subject to the usual
+constaints on
+.Va kern.securelevel .
 .El
 .Pp
 There are currently two MIB related variables that have per-jail settings.