
D51702.diff

diff --git a/lib/libsys/chroot.2 b/lib/libsys/chroot.2
--- a/lib/libsys/chroot.2
+++ b/lib/libsys/chroot.2
@@ -61,10 +61,10 @@
.Fn chroot
has no effect on the process's current directory.
.Pp
-This call is restricted to the super-user, unless the
+This call is restricted to the super-user if the
.Ql security.bsd.unprivileged_chroot
-sysctl variable is set to 1
-and the process has enabled the
+sysctl variable is set to 0.
+Unprivileged use requires that the process has enabled the
.Dv PROC_NO_NEW_PRIVS_CTL
.Xr procctl 2 .
.Pp
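Review bot: the rewritten paragraph never states the default of `security.bsd.unprivileged_chroot`, and the same patch flips that default to 1 in sys/kern/vfs_syscalls.c, so a reader of the manual page cannot tell whether unprivileged chroot is available out of the box. Consider adding a sentence after "sysctl variable is set to 0." giving the default value. The new second sentence, "Unprivileged use requires that the process has enabled the", also reads as if it applies regardless of the sysctl; wording such as "When the variable is non-zero, unprivileged use requires ..." would make the two conditions explicit.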
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -967,7 +967,7 @@
return (0);
}
-static int unprivileged_chroot = 0;
+static int unprivileged_chroot = 1;
SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_chroot, CTLFLAG_RW,
&unprivileged_chroot, 0,
"Unprivileged processes can use chroot(2)");
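Review bot: the initializer change on `static int unprivileged_chroot = 1;` turns a security-relevant knob on by default with no comment explaining why that is safe. A short comment above the variable stating that the unprivileged path is still gated on `PROC_NO_NEW_PRIVS_CTL` (as chroot.2 says) would help future readers. The sysctl description string "Unprivileged processes can use chroot(2)" does not mention that requirement either and could be extended. Administrators who relied on the old default now have to set the variable to 0 explicitly, and nothing in this patch beyond the manual page tells them so.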
