Date: Mon, 26 Apr 2004 13:07:24 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: Bosko Milekic <bmilekic@FreeBSD.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_jail.c src/sys/net rtsock.c src/sys/netinet raw_ip.c src/sys/sys jail.h Message-ID: <Pine.BSF.4.21.0404261307090.45911-100000@InterJet.elischer.org> In-Reply-To: <200404261946.i3QJkqTK090160@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Any plans to MFC? (please) On Mon, 26 Apr 2004, Bosko Milekic wrote: > bmilekic 2004/04/26 12:46:52 PDT > > FreeBSD src repository > > Modified files: > sys/kern kern_jail.c > sys/net rtsock.c > sys/netinet raw_ip.c > sys/sys jail.h > Log: > Give jail(8) the feature to allow raw sockets from within a > jail, which is less restrictive but allows for more flexible > jail usage (for those who are willing to make the sacrifice). > The default is off, but allowing raw sockets within jails can > now be accomplished by tuning security.jail.allow_raw_sockets > to 1. > > Turning this on will allow you to use things like ping(8) > or traceroute(8) from within a jail. > > The patch being committed is not identical to the patch > in the PR. The committed version is more friendly to > APIs which pjd is working on, so it should integrate > into his work quite nicely. This change has also been > presented and addressed on the freebsd-hackers mailing > list. > > Submitted by: Christian S.J. Peron <maneo@bsdpro.com> > PR: kern/65800 > > Revision Changes Path > 1.42 +5 -0 src/sys/kern/kern_jail.c > 1.108 +13 -2 src/sys/net/rtsock.c > 1.129 +31 -2 src/sys/netinet/raw_ip.c > 1.21 +1 -0 src/sys/sys/jail.h >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0404261307090.45911-100000>