From owner-FreeBSD-users-jp@jp.FreeBSD.org Sat Feb  9 22:33:48 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g19DXmS30615;
	Sat, 9 Feb 2002 22:33:48 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from pelsia.netmove.co.jp (pelsia.netmove.co.jp [202.241.207.159])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g19DXm630610
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Sat, 9 Feb 2002 22:33:48 +0900 (JST)
	(envelope-from shige@netmove.co.jp)
Received: (from nork@localhost)
	by pelsia.netmove.co.jp (8.11.6/8.11.6) id g19DXh518382;
	Sat, 9 Feb 2002 22:33:43 +0900 (JST)
	(envelope-from nork)
From: nork@cityfujisawa.ne.jp (Norikatsu Shigemura)
To: FreeBSD-users-jp@jp.FreeBSD.org
X-Mailer: mnews [version 1.22PL5] 2001-02/07(Wed)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Date: Sat, 9 Feb 2002 22:33:42 +0900
Message-ID: <020209223342.M0118167@pelsia.netmove.co.jp>
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+011218
X-Sequence: FreeBSD-users-jp 66845
Subject: [FreeBSD-users-jp 66845] chflags in jail
Errors-To: owner-FreeBSD-users-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: nork@cityfujisawa.ne.jp

$B=EB<K!9n$G$9!#(B

	$B4{B84D6-$K1F6A$rM?$($:$K(B package $B$N:n@.$r9T$$$?$$$H;W$$(B(rm -rf
	/usr/local /usr/X11R6 $B$,$7$?$$(B!), jail $B4D6-2<$G(B ports $B$+$i(B
	package $B$r:n@.$9$k4D6-$r@0$($?$H$3$m(B, japanese/man $B$N%$%s%9(B
	$B%H!<%k;~$KLdBj(B(Permission Denied)$B$,H/@8$9$k$3$H$,$o$+$j$^$7(B
	$B$?!#(Bchflags $B$G<:GT$9$k$N$,$o$+$C$?$N$G(B jail $B4D6-2<$G$N@)8B$H(B
	$B;W$C$FD4$Y$F$_$?$H$3$m(B, $B3N$+$K$=$N$h$&$J@)8B$,$"$j$^$7$F(B,
	sysctl (jail.chflags_allowed)$B$G@)8f2DG=$J$h$&$K%Q%C%A$r:n$C(B
	$B$F$_$^$7$?!#(B

	$B$3$N%Q%C%A$K$h$k1F6AHO0O$rD4$Y$?$N$G$9$,(B, chflags(2) $B$H(B
	fchflags(2) $B0J30$K$O1F6A$rM?$($J$$$3$H$r3NG'$7$F$$$^$9!#$7(B
	$B$+$7(B, jail $B$G;H$($J$$$h$&$K$7$F$$$?$3$H$r9M$($k$H%;%-%e%j%F(B
	$B%#E*$KBEEv$J$N$+$o$+$j$^$;$s!#$3$&$$$&@)8B$r30$9$b$N$H$$$&(B
	$B$N$OK\2H$K%^!<%8$5$l$F(B($B$H$$$C$F$b(B send-pr $B$7$h$&$H;W$C$F$$(B
	$B$kDxEY$G$9$,(B)$B$$$$$b$N$J$N$G$7$g$&$+(B?

# chroot $B$G$bNI$+$C$?$N$G$9$,(B, ssh $B$G%m%0%$%s$7$F:n6H$G(B
# $B$-$k$H$$$&$H$3$m$K1?MQ>e3Z$JE@$r8+=P$7$?$b$N$G!D(B...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--- src/sys/kern/kern_jail.c.orig	Sat Aug 18 03:17:15 2001
+++ src/sys/kern/kern_jail.c	Sat Feb  9 21:54:57 2002
@@ -44,6 +44,13 @@
     &jail_sysvipc_allowed, 0,
     "Processes in jail can use System V IPC primitives");
 
+/* BASE FROM
+   $FreeBSD: src/sys/kern/kern_jail.c,v 1.6.2.3 2001/08/17 01:00:26 rwatson Exp $ */
+int	jail_chflags_allowed = 0;
+SYSCTL_INT(_jail, OID_AUTO, chflags_allowed, CTLFLAGS_RW,
+    &jail_chflags_allowed, 0,
+    "Processes in jail can use chflags system call");
+
 int
 jail(p, uap)
         struct proc *p;
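Review bot: CTLFLAGS_RW in the new SYSCTL_INT() is not a sysctl flag macro; the name is CTLFLAG_RW, so this hunk will not compile as posted. Separately, jail_chflags_allowed is a single global int, so turning it on lifts the restriction for every jail on the host, not just the package-building one; that is worth stating in the sysctl description or the PR text so an administrator does not enable it on a machine that also runs untrusted jails.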
--- src/sys/kern/vfs_syscalls.c.orig	Tue Jan  8 23:32:37 2002
+++ src/sys/kern/vfs_syscalls.c	Sat Feb  9 22:09:48 2002
@@ -61,6 +61,9 @@
 #include <sys/proc.h>
 #include <sys/dirent.h>
 #include <sys/extattr.h>
+/* BASE FROM
+   $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.151.2.13 2002/01/07 20:47:34 se Exp $ */
+#include <sys/jail.h>
 
 #include <machine/limits.h>
 #include <miscfs/union/union.h>
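Review bot: The "BASE FROM $FreeBSD: ... $" comment placed directly above #include <sys/jail.h> should not go into the source file. It carries an RCS keyword that will be rewritten on commit, and where it sits it reads as if it documented the include. Record the base revision in the send-pr text instead and keep only the #include line here.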
@@ -1998,7 +2001,7 @@
 	 * chown can't fail when done as root.
 	 */
 	if ((vp->v_type == VCHR || vp->v_type == VBLK) && 
-	    ((error = suser_xxx(p->p_ucred, p, PRISON_ROOT)) != 0))
+	    ((error = suser_xxx(p->p_ucred, p, jail_chflags_allowed ? 0 : PRISON_ROOT)) != 0))
 		return (error);
 
 	VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
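Review bot: The ternary in the suser_xxx() call looks inverted, and the check it modifies is narrower than the sysctl's description. The unpatched line already passes PRISON_ROOT, which is the flag that lets a jailed root succeed in suser_xxx(); the new expression keeps PRISON_ROOT when jail_chflags_allowed is 0 and passes 0 when it is 1, so setting the sysctl makes this test stricter for jailed processes rather than looser. The condition is also gated on vp->v_type == VCHR || vp->v_type == VBLK, so it only ever applies to device nodes and cannot be what rejects chflags on a regular file. Please check where the EPERM for a jailed root on a regular file is actually returned and put the sysctl test there, leaving this device-node check as it was. The changed line also runs past 80 columns.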
--- src/sys/sys/jail.h.orig	Thu Nov  2 02:58:06 2000
+++ src/sys/sys/jail.h	Sat Feb  9 22:12:10 2002
@@ -49,6 +49,9 @@
 extern int	jail_set_hostname_allowed;
 extern int	jail_socket_unixiproute_only;
 extern int	jail_sysvipc_allowed;
+/* BASE FROM
+   $FreeBSD: src/sys/sys/jail.h,v 1.8.2.2 2000/11/01 17:58:06 rwatson Exp $ */
+extern int	jail_chflags_allowed;
 
 #endif /* !_KERNEL */
 #endif /* !_SYS_JAIL_H_ */
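Review bot: Documentation is missing for the new knob: the patch touches kern_jail.c, vfs_syscalls.c and jail.h only, so jail.chflags_allowed would ship undocumented. Add an entry next to the other jail.* sysctls in jail(8) that states the default (0) and that enabling it lets root inside a jail change file flags, since that is the security trade-off an administrator needs to see before setting it. The "BASE FROM" comment above the extern should be dropped here as well.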
