In the process of tightening up my jails a bit more, I wanted to use ZFS to limit the setuid bit having any impact to just the directories where I expect setuid binaries with something like:
Code:
zfs create -o setuid=off ${filesystem}
[...]
zfs create -o setuid=on ${filesystem}/bin
zfs create -o setuid=on ${filesystem}/sbin
zfs create -o setuid=on ${filesystem}/libexec
[...]
zfs create -o setuid=on ${filesystem}/usr/bin
zfs create -o setuid=on ${filesystem}/usr/sbin
zfs create -o setuid=on ${filesystem}/usr/libexec
[...]
zfs create -o setuid=on ${filesystem}/usr/local/bin
zfs create -o setuid=on ${filesystem}/usr/local/sbin
zfs create -o setuid=on ${filesystem}/usr/local/libexec
Unfortunately, the base-system install wants to link usr/bin/chgrp and usr/sbin/chown:
Code:
# @(#)Makefile 8.1 (Berkeley) 6/6/93
# $FreeBSD: stable/9/usr.sbin/chown/Makefile 201390 2010-01-02 11:07:44Z ed $
PROG= chown
LINKS= ${BINDIR}/chown /usr/bin/chgrp
MAN= chgrp.1 chown.8
.include <bsd.prog.mk>
which tries to create a cross-device link (and fails)
Code:
/zstorage/new-jail/usr/bin/chgrp -> /zstorage/new-jail/usr/sbin/chown
install: link /zstorage/new-jail/usr/sbin/chown -> /zstorage/new-jail/usr/bin/chgrp: Cross-device link
Any suggestions as to how to modify the Makefile (or other build-system changes) so that I install the binary at both locations would be greatly appreciated. These days, another 9896 bytes isn't going to kill me.
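
A pre-flight check for the layout above, as an added example that is not part of the original post: it lists hard-link groups in an existing jail tree that would straddle two of the planned datasets, which is the situation that makes the chown/chgrp install fail. The function name and the `PLANNED` list are assumptions; the list holds only the mountpoints visible in the post, not the elided ones, and the jail root is assumed not to be `/`.

```shell
#!/bin/sh
# Added example: find hard-link groups that would span two planned ZFS datasets.
# Dataset mountpoints relative to the jail root, copied from the zfs create
# commands in the post; the elided [...] entries are unknown and not included.
PLANNED="bin sbin libexec usr/bin usr/sbin usr/libexec usr/local/bin usr/local/sbin usr/local/libexec"

# cross_dataset_links ROOT
# Prints "inode N<TAB>dataset<TAB>path" for every file in a split link group.
# "." stands for the parent dataset (the one created with setuid=off).
cross_dataset_links() {
    root=${1%/}
    # -xdev: inode numbers are only comparable within one filesystem.
    find "$root" -xdev -type f -links +1 -exec ls -di {} + |
    awk -v root="$root" -v planned="$PLANNED" '
        BEGIN { n = split(planned, p, " ") }
        # Longest planned prefix wins; everything else stays in the parent.
        function dataset(rel,    i, best) {
            best = "."
            for (i = 1; i <= n; i++)
                if (index(rel, p[i] "/") == 1 && length(p[i]) > length(best))
                    best = p[i]
            return best
        }
        {
            ino = $1
            sub(/^[ \t]*[0-9]+[ \t]+/, "")      # the rest of the line is the path
            rel = substr($0, length(root) + 2)  # path relative to the jail root
            ds = dataset(rel)
            paths[ino] = paths[ino] "\n" ds "\t" rel
            if (!(ino in first)) first[ino] = ds
            else if (first[ino] != ds) split_group[ino] = 1
        }
        END {
            for (ino in split_group) {
                m = split(substr(paths[ino], 2), e, "\n")
                for (i = 1; i <= m; i++) print "inode " ino "\t" e[i]
            }
        }' | sort
}

# Run against a jail root when one is given on the command line.
if [ $# -gt 0 ]; then cross_dataset_links "$1"; fi
```

Each inode reported needs either a copy or a symlink at install time, since a hard link cannot cross the dataset boundary.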