http://www.berklix.com/~jhs/src/bsd/fixes/FreeBSD/ports/gen/sysutils/ezjail/files/patch-jb.REL=9.1-RELEASE.diff http://www.freebsd.org/cgi/query-pr.cgi?pr=180739 Applies to ports/sysutils/ezjail using ezjail-3.3 on current ports @ Mon Jul 22 15:53:40 CEST 2013 As well as applying the ports/ patch, it is reccomended that administrators with prisons hosting jails within, that were created by ports/sysutils/ezjail should: cd /usr/jails ; chmod o-rwx * ; chmod o+rx basejail (Administrators & users of jails do not need to do anything). I suggest port Maintainer should also modify permissions with which /usr/jails/newjail gets installed (with an o-rwx), as those permissions get inherited by "ezjail-admin create" (& fixed by patch below). (Sorry, no time to also do that currently, as about to travel) Explanatory notes privately mailed to: "Maintainer of ports/sysutils/ezjail" , & S O
*** ezjail-admin.orig Mon Jul 22 14:47:30 2013
--- ezjail-admin Mon Jul 22 14:57:02 2013
***************
*** 645,650 ****
--- 645,651 ----
newfs -U "/dev/${ezjail_device}" || detach_images || exerr "Error: Could not newfs /dev/${ezjail_device}."
# Create mount point and mount
mkdir -p "${ezjail_rootdir}" || detach_images || exerr "Error: Could not create jail root mount point ${ezjail_rootdir}."
+ chmod o-rwx ${ezjail_rootdir}
mount "/dev/${ezjail_device}" "${ezjail_rootdir}" || detach_images || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}."
else
if [ -e "${ezjail_rootdir}" -a ! -d "${ezjail_rootdir}" ]; then
***************
*** 660,665 ****
--- 662,668 ----
ezjail_makeabsolute ezjail_fromarchive
[ "${ezjail_fromarchive}" = "-" ] && unset ezjail_archive_opt || ezjail_archive_opt="-f ${ezjail_fromarchive}"
mkdir -p "${ezjail_rootdir}" && cd "${ezjail_rootdir}" && pax -rz -pe ${ezjail_archive_opt} -s:^ezjail:.: ezjail/*
+ chmod o-rwx ${ezjail_rootdir}
[ $? -eq 0 ] || detach_images || exerr "Error: Could not extract archive from ${ezjail_fromarchive}."
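Review bot: In the first hunk (image-backed jails) the added `chmod o-rwx ${ezjail_rootdir}` runs before `mount`, so it changes the mode of the underlying mount-point directory; once the freshly created filesystem is mounted there, access is presumably governed by that filesystem's own root directory, which this line never touches. Placing it after the `mount` line, quoted and checked like its neighbours, would make the restriction apply to the directory host users actually traverse: `chmod o-rwx "${ezjail_rootdir}" || detach_images || exerr "Error: Could not restrict permissions on ${ezjail_rootdir}."`. As written the expansion is also unquoted and a chmod failure is silently ignored, which leaves the jail root world-accessible without any diagnostic. The enclosing if/else starts and ends outside the hunk.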
elif [ -z "${ezjail_exists}" ]; then
# now take a copy of our template jail
***************
*** 671,676 ****
--- 675,681 ----
/sbin/zfs destroy ${ezjail_jailzfs}/newjail@_createnewjailtmp
else
mkdir -p "${ezjail_rootdir}" && cd "${ezjail_jailtemplate}" && find . | cpio -p -v "${ezjail_rootdir}" > /dev/null
+ chmod o-rwx ${ezjail_rootdir}
fi
[ $? -eq 0 ] || detach_images || exerr "Error: Could not copy template jail."
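Review bot: In the archive-extraction hunk the added `chmod` sits between the `mkdir … && cd … && pax …` chain and the `[ $? -eq 0 ]` test, so `$?` now reports chmod's status and a failed extraction is no longer caught by `exerr`. Chaining it keeps the check meaningful and quotes the path: `… -s:^ezjail:.: ezjail/* && chmod o-rwx "${ezjail_rootdir}"`. The template-copy hunk that follows has the same defect, with chmod placed between the `cpio` pipeline and `fi`, ahead of its own `[ $? -eq 0 ]`; there the fix is `… > /dev/null && chmod o-rwx "${ezjail_rootdir}"`. From the visible lines the ZFS branch above that `else` does not appear to receive the permission change at all, so ZFS-backed jails may keep the inherited world-accessible mode; this should be confirmed against the full function, which extends beyond these hunks.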