bind() on 127.0.0.1 in jail: bound to the outside address?
Jan Grant
Jan.Grant at bristol.ac.uk
Mon Feb 28 16:48:58 GMT 2005
On Tue, 1 Mar 2005, Xin LI wrote:
> Your ideas are highly appreciated!
It's not minimal, but assuming that it's desirable that processes
listening on loopback sockets shouldn't collide outside the jail, one
approach might be as follows:
- get jails to the point where they can manage more than one IP address
per jail;
- a jail config will then include an alias on the loopback address
(127.0.0.2, ...)
unfortunately like all jail extensions this has other problems - for
instance, the close association of a jail to "its IP address" is broken
by this.
--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287864 or +44 (0)117 9287088 http://ioctl.org/jan/
More information about the freebsd-arch
mailing list