On 2023-08-29 21:02, Shawn Webb wrote:
> Back in 2019, I had a similar issue: I needed access to be able to
> read/write to the system extended attribute namespace from within a
> jailed context. I wrote a rather simple patch that provides that
> support on a per-jail basis:
> https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/96c85982b45e44a6105664c7068a92d0a61da2a3

You enabled it by default. I would assume you had a thought about the
implications... any memories about it?

What I'm after is:
- What can go wrong if we enable it by default?
- Why would we like to disable it (or any ideas why it is disabled by
  default in FreeBSD)?

Depending on the answers we may even use a simpler patch and have it
allowed in jails even without the possibility to configure it.

Bye,
Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF