Date: Wed, 29 Jul 2009 11:04:58 -0600
From: Jamie Gritton <jamie@FreeBSD.org>
To: Sam Leffler <sam@errno.com>
Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org
Subject: Re: svn commit: r195944 - head/sys/kern
Message-ID: <4A70813A.6020502@FreeBSD.org>
In-Reply-To: <4A707DF5.5050108@errno.com>
References: <200907291641.n6TGf2mb076622@svn.freebsd.org> <4A707DF5.5050108@errno.com>

Sam Leffler wrote:
> Jamie Gritton wrote:
>> Author: jamie
>> Date: Wed Jul 29 16:41:02 2009
>> New Revision: 195944
>> URL: http://svn.freebsd.org/changeset/base/195944
>>
>> Log:
>>   Change the default value of the "ip4" and "ip6" jail parameters to
>>   "disable", which only allows access to the parent/physical system's
>>   IP addresses when specifically directed. Change the default value of
>>   "host" to "new", and don't copy the parent host values, to insulate
>>   jails from the parent hostname et al.
>
> This does not say why you're making these changes; please explain.

My apologies.

The ip4/6 change fixed an error with the old-style command line of
jail(8), where specifying IPv4 address(es) but not IPv6 addresses would
allow access to the full IPv6 stack, a regression from 7.2 which allows
only specifically noted IPv6 addresses. This could have been fixed in
jail(8), but the default to act like the current jail implementation
even for new-style command lines made more sense, and the kernel is the
place for such policy points.

The host change arose from a discrepancy between it and the "linux"
parameters that control the Linux MIB entries. These had different
defaults for no reason other than I coded them at different times
without a lot of thought as to what the most reasonable default would
be. I also made a cleaner break with the parent system when one value
(typically host.hostname) is set and the others aren't - it didn't make
sense to copy some and set others.

- Jamie
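
An added example, not part of the original message or of FreeBSD's code: a Python audit over `jls -n`-style name=value output that flags jails whose "ip4", "ip6" or "host" parameter is "inherit", with a specific note for the case described above (IPv4 addresses given, IPv6 left open). The sample lines, jail names and addresses are constructed, and it is an assumption that the pre-change state appears as ip6=inherit.

```python
import shlex

# Parameters discussed in the message. "inherit" means the jail shares the
# parent's IP stack or host identity instead of getting its own or none.
WATCHED = ("ip4", "ip6", "host")

# Constructed sample in the name=value style of `jls -n`
# (jail names, hostnames, paths and addresses are made up).
SAMPLE_JLS = """\
jid=1 name=web host=new host.hostname=web.example.org ip4=new ip4.addr=192.0.2.10 ip6=inherit path=/jails/web
jid=2 name=db host=new host.hostname=db.example.org ip4=new ip4.addr=192.0.2.11 ip6=disable path=/jails/db
jid=3 name=build host=inherit ip4=inherit ip6=inherit path=/jails/build
"""


def parse_jail(line):
    """Turn one line of name=value tokens into a dict."""
    params = {}
    for token in shlex.split(line):
        name, sep, value = token.partition("=")
        # Boolean parameters appear as "name" or "noname" with no "=".
        params[name] = value if sep else True
    return params


def audit(jls_text):
    """Return (jail, parameter, note) for every watched parameter set to inherit."""
    findings = []
    for line in jls_text.splitlines():
        if not line.strip():
            continue
        jail = parse_jail(line)
        name = jail.get("name") or jail.get("jid", "?")
        for param in WATCHED:
            if jail.get(param) != "inherit":
                continue
            # The case from the message: addresses were given for IPv4
            # only, yet the jail still reaches the full IPv6 stack.
            if param == "ip6" and jail.get("ip4") == "new":
                note = "ip4 restricted but ip6 unrestricted"
            else:
                note = "shared with parent"
            findings.append((name, param, note))
    return findings


if __name__ == "__main__":
    for name, param, note in audit(SAMPLE_JLS):
        print(f"{name}: {param}=inherit ({note})")
```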