jail(8) should be able to set kern.securelevel As described in man jail(8) the kern.securelevel in a jail can raised independent of host securelevel. If the jail is run with a user other than root (option -u or -U) this user can not change the securelevel. Therefore the securelevel must raised before the user is changed and this can be done in jail(8) only. jail(8) needs an option to be able to raise the securelevel in a jail if the jail is run with a restricted user. A workaround would be a suid executable inside the jail, but this is refused due to security constraints. Fix: The following patch implements the option to raise the kern.securelevel inside a newly created jail. How-To-Repeat: Start a jail with other user (option -u or -U) and try to raise the securelevel in the jail without any suid executable.
Responsible Changed From-To: freebsd-bugs->matteo Grab ownership. I'm interested in jails.
State Changed From-To: open->patched Patch committed to HEAD. I will MFC it in 2 weeks
State Changed From-To: patched->closed Fixed and MFC'ed