Date: Sun, 06 Jan 2008 09:57:01 -0800 From: Julian Elischer <julian@elischer.org> To: Mykola Dzham <freebsd@levsha.org.ua> Cc: Qing Li <qingli@freebsd.org>, FreeBSD Net <freebsd-net@freebsd.org>, arch@freebsd.org, Ivo Vachkov <ivo.vachkov@gmail.com>, Robert Watson <rwatson@freebsd.org>, Vadim Goncharov <vadimnuclight@tpu.ru> Subject: Re: resend: multiple routing table roadmap (format fix) Message-ID: <4781166D.2010108@elischer.org> In-Reply-To: <20080106112033.GA40991@expo.ukrweb.net> References: <4772F123.5030303@elischer.org> <f85d6aa70712261728h331eadb8p205d350dc7fb7f4c@mail.gmail.com> <477416CC.4090906@elischer.org> <opt4c0imk24fjv08@nuclight.avtf.net> <477D2EF3.2060909@elischer.org> <20080106112033.GA40991@expo.ukrweb.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Mykola Dzham wrote:
> Julian Elischer wrote:
>> setfib 3 /bin/sh
>>
>> now by default everythign you do uses table 3.
>> or even
>>
>> setfib 3 jail {blah}
>>
>> and all the procs in the jail use table 3. You also need to do
>> setfib 3 jexec xxx
>> for extra processes you add to the jail afterwards.
>
> Is it possible to deny setfib after setfib N /bin/sh ? Or call setfib
> from jail? If yes this can be usable for restriction jail on some
> different fib
>
I hadn't considered that..
though possibly what you want is vimage().
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4781166D.2010108>