jail.chflags_allowed
Matthew Dillon
dillon at apollo.backplane.com
Sat Jul 23 10:51:19 PDT 2005
Ok, not bad, but from my read the FreeBSD version of this sysctl
variable doesn't completely disallow chflags, it simply disallows
super-user chflags. Normal user chflags are still allowed as long
as the superuser hasn't set any superuser flags.
This is a bit harder to check for because the filesystem code needs
to check the existing flags against the new flag, which the high
level system call does not have direct access to. I didn't consider
that when I originally suggested that we move the check to the syscall
code.
So I guess that puts us back at the original implementation... placing
the check directly in UFS.
I'll go ahead and commit the FreeBSD equivalent to vfs/ufs/ufs_vnops.c.
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
More information about the Submit
mailing list