From owner-freebsd-current@FreeBSD.ORG  Mon Oct  9 21:20:27 2006
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 96FFF16A494
	for <freebsd-current@freebsd.org>; Mon,  9 Oct 2006 21:20:27 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4D24B43D8C
	for <freebsd-current@freebsd.org>; Mon,  9 Oct 2006 21:19:54 +0000 (GMT)
	(envelope-from rwatson@FreeBSD.org)
Received: from fledge.watson.org (fledge.watson.org [209.31.154.41])
	by cyrus.watson.org (Postfix) with ESMTP id D99CA46C9A;
	Mon,  9 Oct 2006 17:19:47 -0400 (EDT)
Date: Mon, 9 Oct 2006 22:19:47 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: Michal Mertl <mime@traveller.cz>
In-Reply-To: <1160428262.1009.58.camel@genius.i.cz>
Message-ID: <20061009221852.Q92182@fledge.watson.org>
References: <1160428262.1009.58.camel@genius.i.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-current <freebsd-current@freebsd.org>
Subject: Re: Little patch to mac_portacl(4)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Oct 2006 21:20:27 -0000


On Mon, 9 Oct 2006, Michal Mertl wrote:

> I have just found out that mac_portacl breaks root binding of low ports in a 
> jail.
>
> I think that root in a jail should be allowed to bind to protected ports. 
> Alternatively it can be easily made optional.
>
> What do you think?
>
> One-line patch attached.

Yes, this is a good patch.  In fact, I believe I have the same (or at least, a 
similar) fix in my outstanding priv(9) patch.  I'll commit this tomorrow, 
thanks!

Robert N M Watson
Computer Laboratory
University of Cambridge