Date:      Thu, 20 Feb 2003 19:00:54 +0100
From:      Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To:        Robert Watson <rwatson@freebsd.org>
Cc:        freebsd-hackers@freebsd.org, phk@freebsd.org
Subject:   Re: Multi-level jailing.
Message-ID:  <20030220180054.GD76998@garage.freebsd.pl>
In-Reply-To: <Pine.NEB.3.96L.1030220100414.76380A-100000@fledge.watson.org>
References:  <20030217070554.GE10767@garage.freebsd.pl> <Pine.NEB.3.96L.1030220100414.76380A-100000@fledge.watson.org>

On Thu, Feb 20, 2003 at 10:05:52AM -0500, Robert Watson wrote:
+> > I have prepared patch for jail functionality against FreeBSD
+> > 5.0-CURRENT.  It provides multi-level jailing and multiple ips for
+> > jails.
+>
+> Sounds cool, although I haven't had a chance to read the patch yet.
+> Question: how did you handle the problem (if at all) that INADDR_ANY
+> doesn't perform a wildcard binding with multiple IPs in the same jail?
+> It's not strictly required that it be handled, but it was always one of
+> the semantic problems I bumped into when I experimented with more IPs.  A
+> single-IP jail "works" because it maps INADDR_ANY into the only IP
+> available.  I'll try to get a box up and running with these changes in the
+> next few days and give them a spin.

Hmm, this problem is still there, but I think that we could resolve it
by changing all code where IP is compared to INADDR_ANY, to function
like this:

int
prison_inaddr_any(struct ucred *cred, u_int32_t ip)
{
	register u_int i;
	register struct prison *pr = cred->cr_prison;

	if (!jailed(cred))
		return (ip == INADDR_ANY);

	for (i = 0; i < pr->pr_nips; ++i) {
		if (pr->pr_ips[i] == ip)
			return (1);
	}

	return (0);
}

And remove mapping to specified IP, INADDR_ANY should stay there.

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
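
An added example, not part of the original message or of the patch: a userland C model of why rewriting a jailed wildcard bind to one address loses wildcard semantics in a multi-IP jail, and how the predicate above keeps the wildcard while confining it to the jail's addresses. The jail_model struct, the helper names, the sample addresses, and the choice to apply the predicate to a packet's destination address are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ANY_ADDR 0u   /* same value as INADDR_ANY (0.0.0.0) */
#define IP4(a, b, c, d) ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))

/* Hypothetical userland stand-in for the jail's address list. */
struct jail_model { const uint32_t *ips; size_t nips; };

/* Constructed sample: a jail holding two addresses; 10.0.0.1 stays with the host. */
static const uint32_t sample_ips[] = { IP4(10, 0, 0, 2), IP4(10, 0, 0, 3) };
static const struct jail_model sample_jail = { sample_ips, 2 };

/* Same logic as the predicate in the mail; j == NULL means "not jailed". */
int model_inaddr_any(const struct jail_model *j, uint32_t ip)
{
    if (j == NULL)
        return ip == ANY_ADDR;
    for (size_t i = 0; i < j->nips; i++)
        if (j->ips[i] == ip)
            return 1;
    return 0;
}

/* Single-IP behaviour: a jailed wildcard bind is rewritten to one address.
 * Using ips[0] for a multi-IP jail is an assumption made for illustration. */
uint32_t rewrite_bind(const struct jail_model *j, uint32_t requested)
{
    return (j != NULL && requested == ANY_ADDR) ? j->ips[0] : requested;
}

/* Would a socket bound to `bound` receive a packet addressed to `dst`?
 * Assumption: the predicate is applied to the destination address. */
int accepts(const struct jail_model *j, uint32_t bound, uint32_t dst)
{
    if (bound != ANY_ADDR)
        return bound == dst;                      /* specific bind: exact match */
    return j == NULL || model_inaddr_any(j, dst); /* wildcard, limited in a jail */
}

int main(void)
{
    uint32_t old = rewrite_bind(&sample_jail, ANY_ADDR);
    printf("rewritten bind, second jail IP: %d\n", accepts(&sample_jail, old, IP4(10, 0, 0, 3)));
    printf("wildcard kept, second jail IP:  %d\n", accepts(&sample_jail, ANY_ADDR, IP4(10, 0, 0, 3)));
    printf("wildcard kept, host IP:         %d\n", accepts(&sample_jail, ANY_ADDR, IP4(10, 0, 0, 1)));
    return 0;
}
```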
