Sent with Proton Mail secure email.
On Monday, 6 January 2025 at 20:48, Paul Goyette <p...@whooppee.com> wrote:
> On Mon, 6 Jan 2025, Rhialto wrote:
>
> > Yes, normally you would need to be in single user mode to remove the
> > schg flag. This is not mentioned in chflags(1) but in
> > secmodel_securelevel(9). But if you run X, you typically need to be in
> > insecure mode anyway, so this point doesn't apply.
>
>
> The "need to be at secure-level 0" is also mentioned in chflag(2) ...
Thanks to all; one needs to read from time to time...
>
>
> +---------------------+--------------------------+----------------------+
> | Paul Goyette (.sig) | PGP Key fingerprint: | E-mail addresses: |
> | (Retired) | 1B11 1849 721C 56C8 F63A | p...@whooppee.com |
> | Software Developer | 6E2E 05FD 15CE 9F2D 5102 | pgoye...@netbsd.org |
> | & Network Engineer | | pgoyett...@gmail.com |
> +---------------------+--------------------------+----------------------+
In singleuser:
...
# mount -w /
# cd BAD_SUBDIR
# ls -alo
total 6
drwxr-xr-x 3 root wheel - 512 Jan 6 15:09 .
drwxr-xr-x 23 root wheel - 512 Jan 6 21:42 ..
drwxr-xr-x 2 root wheel schg 512 Dec 16 21:06 @test_8921_tmp??_SRC
# chflags -R noschg .
# rmdir \@test_8921_tmp\U+00C3\U+00A6_SRC/
#
....
I am about to run the same test under today's -current aarch64. BTW, I ran it
earlier under today's amd64 and it completed without any particular issues
(well, five tests failed, but I'd say this is a win).
Thanks again,
Chavdar
