Date: Mon, 28 Feb 2005 16:48:51 +0000 (GMT) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: Xin LI <delphij@frontfree.net> Cc: freebsd-arch@FreeBSD.org Subject: Re: bind() on 127.0.0.1 in jail: bound to the outside address? Message-ID: <Pine.GSO.4.61.0502281643320.18097@mail.ilrt.bris.ac.uk> In-Reply-To: <20050228162548.GA57140@frontfree.net> References: <20050228162548.GA57140@frontfree.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 1 Mar 2005, Xin LI wrote: > Your ideas are highly appreciated! It's not minimal, but assuming that it's desirable that processes listening on loopback sockets shouldn't collide outside the jail, one approach might be as follows: - get jails to the point where they can manage more than one IP address per jail; - a jail config will then include an alias on the loopback address (127.0.0.2, ...) unfortunately like all jail extensions this has other problems - for instance, the close association of a jail to "its IP address" is broken by this. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287864 or +44 (0)117 9287088 http://ioctl.org/jan/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.61.0502281643320.18097>