Date: Sun, 9 Dec 2018 21:11:27 +0100 From: =?utf-8?Q?C=C3=A9dric_Maunoury?= <cedric.maunoury@gmail.com> To: freebsd-jail@freebsd.org Subject: setfib allowed in jail Message-ID: <B9D3F667-4F73-4163-B0DD-30BCEDA0EE0D@gmail.com>
next in thread | raw e-mail | index | archive | help
Hello everyone, It=E2=80=99s my first mail on this mailing list... Thus, please forgive me i= f I do something wrong :) I was playing on a FreeBSD 11.2 with jails and I was surprised to be able to= succesfully launch setfib from inside a jail... that means I can use an oth= er routing table than the one configured in the jail configuration file. To me, it should be forbidden. The patch would be to add the following lines= at the beginning of the function sys_setfib (sys/net/route.c) - not tested := =E2=80=94=E2=80=94 if jailed(td->td_ucred) return EPERM =E2=80=94=E2=80=94 Thanks, C=C3=A9dric=20=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B9D3F667-4F73-4163-B0DD-30BCEDA0EE0D>