On 9/20/24 15:56, Ryan Steinmetz wrote:
> This is probably something specific to your environment, as it works in
> a fresh jail on a 14.1-RELEASE system:
Thanks for answering. Today it works!
I did some upgrades in the last few days, but none should be relevant.
Notice I didn't restart the jail.
:-|
I'll keep an eye on this in case it happens again.
> As a starting point, I would look for defaults you have modified in:
> - security.jail sysctls
> - security.mac sysctls
> - *chroot* sysctls
> - kern.securelevel
> - security.jail.param.securelevel
The only entries I have in /etc/sysctl.conf are:
security.bsd.unprivileged_proc_debug=1
security.bsd.unprivileged_read_msgbuf=1
security.bsd.see_other_gids=1
security.bsd.hardlink_check_gid=1
security.bsd.hardlink_check_uid=1
security.bsd.see_other_uids=0
security.bsd.stack_guard_page=1
I don't think any of these lives in the categories above.
Also I'm using ezjail, but changed none of its defaults.
> - Filesystem permissions in the new root dir (and its parent directories)
# ls -l /usr/local/etc/|grep rbl
drwxr-xr-x 2 root wheel 7 Sep 19 20:02 rbldnsd
Is this fine?
Permissions of all parents are the standard ones.
bye & Thanks
av.