svn commit: r319611 - in head: sys/kern sys/sys usr.sbin/jail

[Alexander Leidinger]

Quoting Allan Jude <allanjude at freebsd.org> (from Tue, 6 Jun 2017  
02:15:01 +0000 (UTC)):

> Author: allanjude
> Date: Tue Jun  6 02:15:00 2017
> New Revision: 319611
> URL: https://svnweb.freebsd.org/changeset/base/319611
>
> Log:
>   Jails: Optionally prevent jailed root from binding to privileged ports
>
>   You may now optionally specify allow.noreserved_ports to prevent root
>   inside a jail from using privileged ports (less than 1024)

What about a different name than "noreserved_ports"? This is very  
close to "nonreserverd_ports", and as such it's easy to get wrong the  
first time. IMO "block_reserved_ports" and "noblock_reserved_ports"  
(or another similar explicit wording) is less likely to get  
misunderstood (please take potential lack of language learning skills  
into account...).

> Modified: head/sys/kern/kern_jail.c
> ==============================================================================
> --- head/sys/kern/kern_jail.c	Tue Jun  6 02:03:22 2017	(r319610)
> +++ head/sys/kern/kern_jail.c	Tue Jun  6 02:15:00 2017	(r319611)
> @@ -199,6 +199,7 @@ static char *pr_allow_names[] = {
>  	"allow.mount.fdescfs",
>  	"allow.mount.linprocfs",
>  	"allow.mount.linsysfs",
> +	"allow.reserved_ports",
>  };
>  const size_t pr_allow_names_size = sizeof(pr_allow_names);
>
> @@ -218,10 +219,11 @@ static char *pr_allow_nonames[] = {
>  	"allow.mount.nofdescfs",
>  	"allow.mount.nolinprocfs",
>  	"allow.mount.nolinsysfs",
> +	"allow.noreserved_ports",

Bye,
Alexander.
-- 
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild at FreeBSD.org  : PGP 0x8F31830F9F2772BF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20170607/381265e0/attachment.sig>