jail(8) allow.socket_af, unknown oid
Glen Barber
glen.j.barber at gmail.com
Wed May 26 17:48:16 UTC 2010
Hi Jamie,
On 5/26/10 12:57 PM, Jamie Gritton wrote:
> On 05/25/10 11:54, Glen Barber wrote:
>> The jail(8) man page has an entry under 'allow.*', allow.socket_af,
>> which
>> states to allow access to protocol stacks that have not had jail
>> functionality
>> added to them.
>>
>> [snip]
>>
>> Is this sysctl missing, or is it not a tunable?
> The sysctls that describe available jail parameters don't always have a
> type that sysctl(8) understands. In particular, the boolean parameters
> are given a sysctl type of "B", and sysctl(8) will ignore them.
>
> These aren't useful sysctls in any normal way - they never have a
> meaningful value. The exist only so their types and sizes can be
> determined by jail(8) and jail(3).
>
> As per the jail(8) man page, you can use "sysctl -d" to show sysctl
> descriptions without the value. Since it's only the values that
> sysctl(8) doesn't understand, such parameters as allow.sock_af will then
> show up.
>
> Or, in a short answer to your last question: this isn't a tunable in the
> normal sysctl way, just a jail parameter.
>
> - Jamie
>
Thanks for the explanation. Would there be opposition about a patch for
jail(8) noting which sysctls are tunable by sysctl(8) and which are not?
--
Glen Barber
More information about the freebsd-jail
mailing list