FreeBSD porting questions

Hello. I’m trying to port Collabora Online to the FreeBSD OS. The first problem I met is the following Linux-specific code:

Is my understanding correct that this code checks that the current process has the rights to call “chroot”, “mknod” and change file permissions?

Sure - that’s rather important for our subsequent fork / etc. If FreeBSD doesn’t have capabilities then just having a root process for the forkit would be sufficient.

FreeBSD does have a capabilities framework, I just wondering under what circumstances the process may not have these capabilities? These are pretty common even for unprivileged user.

On linux, the ability to chroot is a security capability, as is creating device nodes, as is changing the ownership of those device nodes, for quite obvious reasons I hope :wink: creating a new /dev/sda and changing ownership to yourself might allow low-level un-controlled disk access (I speculate)

All right, according to man chroot, this function can be called only by root on FreeBSD. So I’ll make the code check for uid there.

1 Like