Anyone interested in jail patches?

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Sat Nov 29 09:05:08 PST 2008


On Thu, 27 Nov 2008, Frank Behrens wrote:

Hi,

> On the other side I still read in the patched jail(2) man page:
> "Similarly, it might be a good idea to add an address alias flag such
> that daemons listening on all IPs (INADDR_ANY) will not bind on that
> address...". Can you explain the current behaviour?

I think this question is related to your PR kern/84215.

The current situation is: jails take precedence. So if sshd is
listening on inaddr_any on the host and on inaddr_any inside a jail
the connection to an IP belonging to a jail will end up inside the
jail; any connections to IPs not belonging to jails will end up on the
base.
Obviously if you stop the jail and ssh to a former jail IP you'll end
up on the base system and ssh would complain about different keys
possibly while telnet or similar things won't notice.

/bz

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.
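
The precedence rule described in the message above, as an added example that is not part of the original post and not FreeBSD code: a simplified model that also lists the ports where stopping a jail silently hands its address to a host daemon bound to INADDR_ANY. The names, addresses and listener inventory are constructed, and the fall-back to the host whenever no running jail socket matches is an assumption of the model.

```python
from typing import NamedTuple, Optional

ANY = "0.0.0.0"  # INADDR_ANY

class Listener(NamedTuple):
    owner: str   # "host" or a jail name (hypothetical labels)
    addr: str    # bound address, ANY for a wildcard bind
    port: int

def deliver(dst, port, listeners, jail_ips, running) -> Optional[str]:
    """Return who accepts a connection to dst:port in this simplified model."""
    def matches(l, who):
        return l.owner == who and l.port == port and l.addr in (dst, ANY)
    # A running jail that owns the destination address is tried first.
    jail = next((j for j in running if dst in jail_ips.get(j, ())), None)
    if jail and any(matches(l, jail) for l in listeners):
        return jail
    # Otherwise a host socket on that address or on INADDR_ANY answers.
    if any(matches(l, "host") for l in listeners):
        return "host"
    return None

def fallthrough_risks(listeners, jail_ips):
    """(jail, ip, port) triples that the host would answer once the jail stops."""
    risks = []
    for jail, ips in sorted(jail_ips.items()):
        for ip in ips:
            for l in listeners:
                serves = l.owner == jail and l.addr in (ip, ANY)
                if serves and deliver(ip, l.port, listeners, jail_ips, set()) == "host":
                    risks.append((jail, ip, l.port))
    return risks

# Constructed inventory: sshd on the host and in the jail, httpd only in the jail.
JAIL_IPS = {"www": ["192.0.2.10"]}
LISTENERS = [
    Listener("host", ANY, 22),
    Listener("www", ANY, 22),
    Listener("www", ANY, 80),
]

if __name__ == "__main__":
    for jail, ip, port in fallthrough_risks(LISTENERS, JAIL_IPS):
        print(f"{ip}:{port} moves from jail {jail} to the host when the jail stops")
```

In this model the list is empty once the host daemon is bound to a specific host address instead of INADDR_ANY.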

