Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 24 Jul 2014 23:46:00 -0400
From:      Glen Barber <gjb@FreeBSD.org>
To:        Warren Block <wblock@wonkity.com>
Cc:        freebsd-jail@FreeBSD.org
Subject:   Re: check_dhcp
Message-ID:  <20140725034600.GA1065@hub.FreeBSD.org>
In-Reply-To: <alpine.BSF.2.11.1407242132590.3624@wonkity.com>
References:  <alpine.BSF.2.11.1407242042240.3624@wonkity.com> <20140725032045.GY1065@hub.FreeBSD.org> <alpine.BSF.2.11.1407242122540.3624@wonkity.com> <20140725033114.GZ1065@hub.FreeBSD.org> <alpine.BSF.2.11.1407242132590.3624@wonkity.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--Qesg98+uAFykT7J8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jul 24, 2014 at 09:35:52PM -0600, Warren Block wrote:
> On Thu, 24 Jul 2014, Glen Barber wrote:
> >On Thu, Jul 24, 2014 at 09:25:06PM -0600, Warren Block wrote:
> >>On Thu, 24 Jul 2014, Glen Barber wrote:
> >>>
> >>>The problem, I suspect, is that bpf(4) does not exist in the jail.
> >>
> >>It's there:
> >>
> >># ls -lh /dev/b*
> >>crw-------  1 root  wheel   0x12 Jul 24 21:00 /dev/bpf
> >>lrwxr-xr-x  1 root  wheel     3B Jul 24 20:08 /dev/bpf0 -> bpf
> >>
> >
> >This is within the jail?
>=20
> Yes.  It also has allow.raw_sockets=3D1.

Well, I ask, because I think bpf(4) should *not* exist in the jail
even with allow.raw_sockets=3D1.

    # sysctl security.jail.allow_raw_sockets
    security.jail.allow_raw_sockets: 1
    # ls /dev/bpf*
    ls: No match.

Glen


--Qesg98+uAFykT7J8
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJT0dL4AAoJELls3eqvi17QdBsP/1Fe/R2S277BhySbvuRAIoUL
sMota9sir8x9g7PwC8h8bMJisxzS2iqG9suyntXA3qi4BvhrlNK2C/nFi4c2DI3C
jE5iGkJQw9Wrp4mSK4kJP/3kdaW/XtJSnF/1w0+jvCxSKxpSYWyqHZ0oHcY1XssO
ZlzY6a6b+XsTq1+t7xTHy4BJNU3EFBXIwmT8FdzlcFuUa4BeDdh0AjjvrWiHr+Eh
7HT8QZ6yAnqqvDlq8pz2f9TMLODV9AF8YQ0xHS214NjsmnmnkOF/RJiZRt3Mm/aA
qdB96YtkhbsD0kDpOAJ+u3lBXVv4O2dwRCOoyzRuqU8cLFDzj2BXcRvsHJ8Xvui7
tks0OVkmUsRzU9i9xBwbodGq5Z0hQqgq46vEJfm1KVGFxMbCMogn6kUGamZlMX9R
M393/Lpu7cMj4V+wbOpqL/QamOhFnxLx0mfmiLidOHdGGd5Od9Q2VqnxCeF01hts
XhcZssoLPjmUvbXJG7E840q51KgEoiRxMtm7i7nAKsJ2RxJyw2JjB7wgAMhOOa+k
0k7YYBncy1R4lwOQBvUJxXbWyWGzriaPsE79rykPhmgUL/efXA3+HHx1ZhO4t6A5
HK9FVLQFF5rfXirrELTgI7K+hdTLo3ffnvH7Uyr+auwD33U+v5l3PWfdOI8iQ86k
RFPgpQuUVRr9+/2/rfFS
=yHw8
-----END PGP SIGNATURE-----

--Qesg98+uAFykT7J8--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140725034600.GA1065>