
D51702.id159639.diff

Index: lib/libsys/chroot.2
===================================================================
--- lib/libsys/chroot.2
+++ lib/libsys/chroot.2
@@ -61,9 +61,9 @@
.Fn chroot
has no effect on the process's current directory.
.Pp
-This call is restricted to the super-user, unless the
+This call is restricted to the super-user if the
.Ql security.bsd.unprivileged_chroot
-sysctl variable is set to 1.
+sysctl variable is set to 0.
.Pp
Depending on the setting of the
.Ql kern.chroot_allow_open_directories
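Review bot: The reworded sentence ("restricted to the super-user if the ... sysctl variable is set to 0") never states the default or what a non-zero value permits, so a reader of chroot.2 cannot tell that unprivileged chroot is now enabled out of the box. Suggest stating it directly, for example "Unprivileged processes may use this call unless the security.bsd.unprivileged_chroot sysctl variable is set to 0, which restricts it to the super-user; the default is 1." If the kernel imposes further conditions on unprivileged callers, this paragraph is the place to list them.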
Index: sys/kern/vfs_syscalls.c
===================================================================
--- sys/kern/vfs_syscalls.c
+++ sys/kern/vfs_syscalls.c
@@ -965,7 +965,7 @@
return (0);
}
-static int unprivileged_chroot = 0;
+static int unprivileged_chroot = 1;
SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_chroot, CTLFLAG_RW,
&unprivileged_chroot, 0,
"Unprivileged processes can use chroot(2)");

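Review bot: The initializer change to "static int unprivileged_chroot = 1;" flips a security default with no comment at the declaration, so a system that never set security.bsd.unprivileged_chroot moves from deny to allow on upgrade without any administrator action. Please add a short comment here giving the reason the permissive default is considered safe, and call the behaviour change out in the commit message and upgrade notes. Since the knob is declared with plain CTLFLAG_RW, an administrator who wants the old behaviour can only set it once userland is running; consider CTLFLAG_RWTUN so that it can also be set as a loader tunable and take effect from boot.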