setfib allowed in jail
Cédric Maunoury
cedric.maunoury at gmail.com
Sun Dec 9 20:11:36 UTC 2018
Hello everyone,
It’s my first mail on this mailing list... Thus, please forgive me if I do something wrong :)
I was playing on a FreeBSD 11.2 system with jails and I was surprised to be able to successfully launch setfib from inside a jail... that means I can use another routing table than the one configured in the jail configuration file.
To me, it should be forbidden. The patch would be to add the following lines at the beginning of the function sys_setfib (sys/net/route.c) - not tested:
——
/* Refuse to change the FIB when the calling thread is jailed. */
if (jailed(td->td_ucred))
	return (EPERM);
——
Thanks,
Cédric
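
A check for the behaviour reported above, as an added example that is not part of the original message: run inside a jail, it starts a child through setfib(1) for each FIB and asks that child which FIB it actually ended up in. The function names are hypothetical; it assumes FreeBSD's `net.fibs`, `net.my_fibnum` and `security.jail.jailed` sysctls.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names are
# hypothetical; the sysctl OIDs and setfib(1) are FreeBSD's.

# Print the FIB numbers, other than the current one, that a child process
# can really be moved into.
switchable_fibs() {
    cur=$(sysctl -n net.my_fibnum) || return 2   # FIB of this process
    total=$(sysctl -n net.fibs) || return 2      # number of FIBs in the kernel
    fib=0
    out=""
    while [ "$fib" -lt "$total" ]; do
        if [ "$fib" -ne "$cur" ]; then
            # Ask the child which FIB it is in instead of relying on the
            # exit status of setfib(1).
            got=$(setfib "$fib" sysctl -n net.my_fibnum 2>/dev/null) || got=""
            [ "$got" = "$fib" ] && out="${out:+$out }$fib"
        fi
        fib=$((fib + 1))
    done
    printf '%s\n' "$out"
}

# Print a one-line verdict.
# Return 0 = nothing to report, 1 = FIB not enforced, 2 = undetermined.
fib_isolation_status() {
    jailed=$(sysctl -n security.jail.jailed 2>/dev/null) || { echo "unknown"; return 2; }
    [ "$jailed" = 1 ] || { echo "not-jailed"; return 0; }
    nfibs=$(sysctl -n net.fibs 2>/dev/null) || { echo "unknown"; return 2; }
    [ "$nfibs" -gt 1 ] || { echo "single-fib"; return 0; }
    reachable=$(switchable_fibs) || { echo "unknown"; return 2; }
    if [ -n "$reachable" ]; then
        echo "not-enforced: $reachable"
        return 1
    fi
    echo "enforced"
}

# Only probe on a real FreeBSD system; elsewhere the functions are just defined.
if [ "$(uname -s)" = FreeBSD ]; then
    fib_isolation_status
fi
```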