--M9NhX3UHpAaciwkO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Jamie, On Tue, May 10, 2011 at 01:18:44PM +0100, Jamie Landeg Jones wrote: >=20 > > Do you know if there is a way that chmod on / from within the jail coul= d=20 > > be prevented easily without breaking something ? Maybe not failing but= =20 > > falling though and return 0 for any operation with the sole argument of= /. >=20 > Enforcing 700 on the jail root? >=20 > Whilst I was wrong on chmod 700 on (say) /usr/jails it is still the case > that the root directory of the jail itself (/usr/jail/jailname) has to > be 755 for non-root processeses within the jail to access the filesystem! >=20 Sorry for the late reply on this. What I was thinking of is enforcing from within the jail that all system=20 calls to chmod(2), chflags(2), chown(2) and anything that can change the=20 directories access modes should be passed silently when the argument to=20 the command is operating on the root directory. --=20 Regards, (jhell) Jason Hellenthal --M9NhX3UHpAaciwkO Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) Comment: http://bit.ly/0x89D8547E iQEcBAEBAgAGBQJNycfTAAoJEJBXh4mJ2FR+0s4IAIXFxI7k819MBfSOAgvIxlgu HVXGlwGjB+EVDuPKiVGExlN0ezje+RUZWAkFfM/BGoTxAptY5Icz5bG4INHddyP5 ikoiqMSe68vEUKklmHQXs8tYI3Poj4u5ZpcuUcc3H4wL+QB+FQPtIAXXp4oEKHY0 3+0bMpQbFQ3QdeNVeA1sKdPId8uJYI4dT/tBVsrC1xJKlm3/nGmWZ+SCT6q7SEYI A+WImLiHa4l32E0mfEC7bbgmmg90Xg6Kg01stk3ZLBAHQzlcR8MMhnsGtQzJwztC NouVclKqxLIcSFFWvyDcymcYeVIdXgrUspEwXzzTj3sOVdxDvEd+lkQ50dN3y64= =upS1 -----END PGP SIGNATURE----- --M9NhX3UHpAaciwkO--