cvs commit: src/sys/kern kern_jail.c src/sys/net rtsock.c
src/sys/netinet raw_ip.c src/sys/sys jail.h
Julian Elischer
julian at elischer.org
Mon Apr 26 13:07:28 PDT 2004
Any plans to MFC?
(please)
On Mon, 26 Apr 2004, Bosko Milekic wrote:
> bmilekic 2004/04/26 12:46:52 PDT
>
> FreeBSD src repository
>
> Modified files:
> sys/kern kern_jail.c
> sys/net rtsock.c
> sys/netinet raw_ip.c
> sys/sys jail.h
> Log:
> Give jail(8) the feature to allow raw sockets from within a
> jail, which is less restrictive but allows for more flexible
> jail usage (for those who are willing to make the sacrifice).
> The default is off, but allowing raw sockets within jails can
> now be accomplished by tuning security.jail.allow_raw_sockets
> to 1.
>
> Turning this on will allow you to use things like ping(8)
> or traceroute(8) from within a jail.
>
> The patch being committed is not identical to the patch
> in the PR. The committed version is more friendly to
> APIs which pjd is working on, so it should integrate
> into his work quite nicely. This change has also been
> presented and addressed on the freebsd-hackers mailing
> list.
>
> Submitted by: Christian S.J. Peron <maneo at bsdpro.com>
> PR: kern/65800
>
> Revision Changes Path
> 1.42 +5 -0 src/sys/kern/kern_jail.c
> 1.108 +13 -2 src/sys/net/rtsock.c
> 1.129 +31 -2 src/sys/netinet/raw_ip.c
> 1.21 +1 -0 src/sys/sys/jail.h
>
More information about the cvs-all
mailing list