From owner-cvs-all@FreeBSD.ORG Mon Apr 26 12:57:39 2004 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2A0BB16A4D0; Mon, 26 Apr 2004 12:57:39 -0700 (PDT) Received: from sev.net.ua (sev.net.ua [212.86.233.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id 147A743D48; Mon, 26 Apr 2004 12:57:38 -0700 (PDT) (envelope-from shadow@psoft.net) Received: from berloga.shadowland ([213.227.237.65]) by sev.net.ua (8.12.10/8.12.9) with ESMTP id i3QJvYv0083398; Mon, 26 Apr 2004 22:57:35 +0300 (EEST) (envelope-from shadow@psoft.net) Received: from berloga.shadowland (berloga.shadowland [127.0.0.1]) by berloga.shadowland (8.12.10/8.12.10) with ESMTP id i3QJvYfo021350; Mon, 26 Apr 2004 22:57:34 +0300 Received: (from root@localhost) by berloga.shadowland (8.12.10/8.12.10/Submit) id i3QJvX3C021348; Mon, 26 Apr 2004 22:57:33 +0300 From: Alex Lyashkov To: Bosko Milekic In-Reply-To: <200404261946.i3QJkqTK090160@repoman.freebsd.org> References: <200404261946.i3QJkqTK090160@repoman.freebsd.org> Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable Organization: PSoft Message-Id: <1083009453.8282.76.camel@berloga.shadowland> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 (1.4.5-1) Date: Mon, 26 Apr 2004 22:57:33 +0300 cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_jail.c src/sys/net rtsock.c src/sys/netinet raw_ip.c src/sys/sys jail.h X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Apr 2004 19:57:39 -0000 =F7 =F0=CE=C4, 26.04.2004, =D7 22:46, Bosko Milekic =D0=C9=DB=C5=D4: > bmilekic 2004/04/26 12:46:52 PDT >=20 > FreeBSD src repository >=20 > Modified files: > sys/kern kern_jail.c=20 > sys/net rtsock.c=20 > sys/netinet raw_ip.c=20 > sys/sys jail.h=20 > Log: > Give jail(8) the feature to allow raw sockets from within a > jail, which is less restrictive but allows for more flexible > jail usage (for those who are willing to make the sacrifice). > The default is off, but allowing raw sockets within jails can > now be accomplished by tuning security.jail.allow_raw_sockets > to 1. > =20 > Turning this on will allow you to use things like ping(8) > or traceroute(8) from within a jail. > =20 > The patch being committed is not identical to the patch > in the PR. The committed version is more friendly to > APIs which pjd is working on, so it should integrate > into his work quite nicely. This change has also been > presented and addressed on the freebsd-hackers mailing > list. > =20 > Submitted by: Christian S.J. Peron > PR: kern/65800 > =20 > Revision Changes Path > 1.42 +5 -0 src/sys/kern/kern_jail.c > 1.108 +13 -2 src/sys/net/rtsock.c > 1.129 +31 -2 src/sys/netinet/raw_ip.c > 1.21 +1 -0 src/sys/sys/jail.h You not think more and more right way port vimage (http://www.tel.fer.hr/zec/vimage/) to FreeBSD 5 ? Author not have time to start porting, but it project is very well then this hack. --=20 Alex Lyashkov PSoft