cvs commit: src/sys/kern kern_jail.c src/sys/net rtsock.c
src/sys/netinet raw_ip.c src/sys/sys jail.h
Alex Lyashkov
shadow at psoft.net
Mon Apr 26 12:57:39 PDT 2004
В Пнд, 26.04.2004, в 22:46, Bosko Milekic пишет:
> bmilekic 2004/04/26 12:46:52 PDT
>
> FreeBSD src repository
>
> Modified files:
> sys/kern kern_jail.c
> sys/net rtsock.c
> sys/netinet raw_ip.c
> sys/sys jail.h
> Log:
> Give jail(8) the feature to allow raw sockets from within a
> jail, which is less restrictive but allows for more flexible
> jail usage (for those who are willing to make the sacrifice).
> The default is off, but allowing raw sockets within jails can
> now be accomplished by tuning security.jail.allow_raw_sockets
> to 1.
>
> Turning this on will allow you to use things like ping(8)
> or traceroute(8) from within a jail.
>
> The patch being committed is not identical to the patch
> in the PR. The committed version is more friendly to
> APIs which pjd is working on, so it should integrate
> into his work quite nicely. This change has also been
> presented and addressed on the freebsd-hackers mailing
> list.
>
> Submitted by: Christian S.J. Peron <maneo at bsdpro.com>
> PR: kern/65800
>
> Revision Changes Path
> 1.42 +5 -0 src/sys/kern/kern_jail.c
> 1.108 +13 -2 src/sys/net/rtsock.c
> 1.129 +31 -2 src/sys/netinet/raw_ip.c
> 1.21 +1 -0 src/sys/sys/jail.h
You not think more and more right way port vimage
(http://www.tel.fer.hr/zec/vimage/) to FreeBSD 5 ?
Author not have time to start porting, but it project is very well then
this hack.
--
Alex Lyashkov <shadow at psoft.net>
PSoft
More information about the cvs-all
mailing list