Allow PING(8) in jails without raw socket access permissions
carlos antonio neira bustos
cneirabustos at gmail.com
Wed Oct 14 22:00:42 UTC 2020
Hello,
I have currently a patch in review with jamie which is the current jail
maintainer and kyle evans, if anyone else could comment/review this patch :
https://reviews.freebsd.org/D26782
What has been done is the following :
Raw socket access is allowed for ICMP protocol as is required by
PING(8) but option IP_HDRINCL is not allowed. to accomplish this
a new privilege PRIV_NETINET_ICMP_ACCESS has been added by default for
jails.
Bests
More information about the freebsd-hackers
mailing list