Date: Wed, 24 Nov 2010 12:52:32 -0500
From: Steve Polyack <korvus@comcast.net>
To: freebsd-net@freebsd.org, User Questions <freebsd-questions@freebsd.org>
Cc: "Brian A. Seklecki" <bseklecki@collaborativefusion.com>
Subject: Jail source address selection in 8.1-RELEASE
Message-ID: <4CED50E0.7020205@comcast.net>

Hi,

There appears to be a loosely documented sysctl 'security.jail.param.ip4.saddrsel' which should limit source IP selection of jails to their primary jail interface/IP. The sysctl does not appear to do anything, however:

    # sysctl security.jail.param.ip4.saddrsel=0
     ->
    # echo $?
    0
    # sysctl security.jail.param.ip4.saddrsel
    #
    # sysctl -d security.jail.param.ip4.saddrsel
    security.jail.param.ip4.saddrsel: Do (not) use IPv4 source address selection rather than the primary jail IPv4 address.

Is this tunable only available when VIMAGE jails are built? The 8.1-RELEASE Release Notes suggest it is for VIMAGE jail(8) containers, while 7.3-RELEASE Release Notes suggest that it is available for the entire jail(8) subsystem as 'security.jail.ip4_saddrsel', a different OID.

    FreeBSD xxxx 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Tue Aug 3 16:24:09 EDT 2010 root@xxxx:/usr/obj/usr/src/sys/GENERIC amd64