kern/68189 and kern/169751: what jails are allowed to see in a routing socket

David Thiel lx at FreeBSD.org
Thu Jan 3 21:23:56 UTC 2013


On Thu, Jan 03, 2013 at 10:48:24AM -0700, Jamie Gritton wrote:
> On 01/03/13 02:36, Bjoern A. Zeeb wrote:
> > Meanwhile your suggestion might be ok given simple enough, but I wonder
> > if a different flag would be helpful still. I would not be able to
> > "trust" (the little that is possible anyway) raw_sockets anymore if they
> > suddenly could fiddle with the routing table - even read-only, should
> > that really be enough.
> > I would explicitly advertise it as 'do not use - will go away again'
> > feature and it should the moment vnets are declared non-experimental.
> 
> Well I'd rather not introduce something as a stopgap. Either this is
> worth doing or it isn't. It does make sense to at least make sure it
> works with VNET.

Hello all,

Thanks for your consideration of the issue. 

I don't think it would necessarily have to be a stopgap - I think 
something like jail.socket_allow_readroute, default 0, wouldn't hurt 
anything and would definitely help some folks, as this issue has arisen 
for multiple people over the years.

While I agree that vnets will be a great future solution, I think that 
the very existence of unixiproute_only is kind of problematic, as it 
implies that jails should be able to use routing sockets by default 
(read-only, presumably). If we don't want to allow that, should it at 
least be slated to rename/redocument this sysctl at some point in the 
future? Or is it intended that VNET totally replace old jail 
infrastructure, obviating the need for that sysctl at all?

-David

