Date:      Wed, 07 Jun 2017 07:05:24 -0400
From:      Allan Jude <allanjude@FreeBSD.org>
To:        Fabian Keil <freebsd-listen@fabiankeil.de>
Cc:        svn-src-all@freebsd.org
Subject:   Re: svn commit: r319611 - in head: sys/kern sys/sys usr.sbin/jail
Message-ID:  <3D906167-AC44-4BA5-B8ED-5E793D492BC0@FreeBSD.org>
In-Reply-To: <20170606114425.126fd846@fabiankeil.de>
References:  <201706060215.v562F167035683@repo.freebsd.org> <20170606114425.126fd846@fabiankeil.de>

On June 6, 2017 5:44:25 AM EDT, Fabian Keil <freebsd-listen@fabiankeil.de> wrote:
>Allan Jude <allanjude@FreeBSD.org> wrote:
>
>> Author: allanjude
>> Date: Tue Jun  6 02:15:00 2017
>> New Revision: 319611
>> URL: https://svnweb.freebsd.org/changeset/base/319611
>>
>> Log:
>>   Jails: Optionally prevent jailed root from binding to privileged ports
>>
>>   You may now optionally specify allow.noreserved_ports to prevent root
>>   inside a jail from using privileged ports (less than 1024)
>>
>>   PR:		217728
>>   Submitted by:	Matt Miller <mattm916@pulsar.neomailbox.ch>
>>   Reviewed by:	jamie, cem, smh
>>   Relnotes:	yes
>>   Differential Revision:	https://reviews.freebsd.org/D10202
>>
>> Modified:
>>   head/sys/kern/kern_jail.c
>>   head/sys/sys/jail.h
>>   head/usr.sbin/jail/jail.8
>[...]
>> @@ -611,6 +613,8 @@ with non-jailed parts of the system.
>>  Sockets within a jail are normally restricted to IPv4, IPv6, local
>>  (UNIX), and route.  This allows access to other protocol stacks that
>>  have not had jail functionality added to them.
>> +.It Va allow.reserved_ports
>> +The jail root may bind to ports lower than 1024.
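Review bot: the new `.It Va allow.reserved_ports` entry gives a fixed bound ("ports lower than 1024"), but the reserved range is set by the net.inet.ip.portrange.reservedhigh sysctl, which the jail check still honours, so the sentence reads as if that sysctl were bypassed. Suggest wording it in terms of the reserved port range (for example, "The jail root may bind to ports in the reserved range, as set by net.inet.ip.portrange.reservedhigh") and adding that non-root users inside the jail remain restricted regardless of this parameter, which is the distinction the commit log draws.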
>
>This description seems to imply that net.inet.ip.portrange.reservedhigh
>isn't honoured while it actually is.
>
>Fabian

I think the confusion here is: this option prevents root in the jail from using reserved ports. Nonroot users are always restricted
--
Allan Jude