Implement unprivileged chroot
460b4b550dc9
Actions

Description

Implement unprivileged chroot

This builds on recently introduced NO_NEW_PRIVS flag to implement
unprivileged chroot, enabled by security.bsd.unprivileged_chroot.
It allows non-root processes to chroot(2), provided they have the
NO_NEW_PRIVS flag set.

The chroot(8) utility gets a new flag, -n, which sets NO_NEW_PRIVS
before chrooting.

Reviewed By: kib
Sponsored By: EPSRC
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D30130

(cherry picked from commit a40cf4175c90142442d0c6515f6c83956336699b)

Details

Provenance

trasz

Authored on Jul 20 2021, 8:56 AM

Reviewer

kib

Differential Revision

D30130: Unprivileged chroot

Parents

rGc428292cb376: libpfctl: fix pfctl_kill_states()

Branches

Unknown

Tags

Unknown

Event Timeline

trasz committed rG460b4b550dc9: Implement unprivileged chroot (authored by trasz).Feb 14 2022, 6:42 PM

trasz added an edge: D30130: Unprivileged chroot.Feb 18 2022, 2:52 PM

Changes (3)

Path

Size

sys/

kern/

vfs_syscalls.c

usr.sbin/

chroot/

chroot.8

chroot.c

rG460b4b550dc9

View Options

sys/kern/vfs_syscalls.c

View Options

usr.sbin/chroot/chroot.8

View Options

Implement unprivileged chroot460b4b550dc9Actions

Description

Details

Event Timeline

Changes (3)

rG460b4b550dc9

sys/kern/vfs_syscalls.c

usr.sbin/chroot/chroot.8

usr.sbin/chroot/chroot.c

Implement unprivileged chroot
460b4b550dc9
Actions