On OpenBSD 7.2 stable, I've set up my chroot using this script:

#!/bin/ksh

dir="/jails/$1"
mkdir -p "$dir"

tar -C "$dir" -xzf /usr/src/base/base72.tgz
tar -C "$dir" -xzf /usr/src/base/comp72.tgz
tar -C "$dir" -xzf /usr/src/base/man72.tgz
tar -C "$dir" -xzf /usr/src/base/xbase72.tgz
tar -C "$dir" -xzf /usr/src/base/xfont72.tgz
tar -C "$dir" -xzf /usr/src/base/xserv72.tgz
tar -C "$dir" -xzf /usr/src/base/xshare72.tgz

(cd "$dir/dev" && doas ./MAKEDEV all)

doas cp /etc/{doas.conf,installurl,resolv.conf,master.passwd,passwd,group} "$dir/etc/"
mkdir -p "$dir/home/evan"
chown evan:wheel "$dir/home/evan"

doas chroot "$dir" pwd_mkdb /etc/master.passwd
doas chroot "$dir" ldconfig /usr/local/lib
doas chroot "$dir" sysmerge

While logged in as the user evan, I enter my chroot using doas chroot /jails/project /usr/bin/su - evan

I try running doas pkg_add cowsay and I get this error:

doas: not installed setuid

What am I missing?

1 Answer

In what I understand to be the true OpenBSD spirit, I did some more research and believe I found the solution.

Some part of my script gets doas installed in the chroot (good) missing the setuid special permission (bad).

I first checked the permissions on the main system:

$ ls -al /usr/bin | grep doas
-r-sr-xr-x  1 root  bin   28040 Sep 27 17:40 doas

Then I checked what I had in my chroot:

$ doas chroot /jails/project ls -al /usr/bin | grep doas
-r-xr-xr-x  1 evan  wheel   28040 Sep 27 17:40 doas

After learning more about special permissions, I could see I needed to set the special permission like so:

doas chmod u+s /jails/project/usr/bin/doas

I also changed the owner to root:bin for good measure:

doas chown root:bin /jails/project/usr/bin/doas

Now I can run doas pkg_add cowsay inside my chroot and the command executes without issue.


 ___________ 
< RTM FTW! >
 ----------- 
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
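
An added example, not part of the original answer: a POSIX sh check that compares every setuid/setgid file under a reference tree with its counterpart in the chroot and reports mode or owner differences like the doas one shown above. The function names `audit_setid` and `mode_owner` and the default subdirectory `usr` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): find setuid/setgid files whose
# mode or owner in a chroot differs from the reference tree they came from.

# Print "mode uid:gid" using only POSIX ls, so it runs on OpenBSD and Linux.
mode_owner() {
    ls -ldn "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3 ":" $4 }'
}

# audit_setid REF JAIL [SUBDIR]
# Walks REF/SUBDIR (default: usr), prints one line per setuid/setgid file that
# is missing or different under JAIL. Returns 0 if clean, 1 on any mismatch,
# 2 if REF/SUBDIR or JAIL does not exist.
audit_setid() {
    ref=$1
    sub=${3:-usr}
    [ -d "$ref/$sub" ] || return 2
    jail=$(cd "$2" && pwd) || return 2      # absolute path survives the cd below
    report=$(
        cd "$ref" || exit 2
        find "$sub" -type f \( -perm -4000 -o -perm -2000 \) -print |
        while IFS= read -r rel; do
            want=$(mode_owner "./$rel")      # e.g. "-r-sr-xr-x 0:7"
            have=$(mode_owner "$jail/$rel")  # empty if the file is absent
            [ "$want" = "$have" ] && continue
            printf '%s: expected %s, found %s\n' "$rel" "$want" "${have:-missing}"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Called on the host as `audit_setid / /jails/project`, it lists each file, such as usr/bin/doas, whose mode or numeric owner in the chroot differs from the host's copy.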
