Date: Wed, 23 Apr 2008 08:07:28 -0400 From: P S Clermont <pascal@clermont.cc> To: =?UTF-8?B?TmVqYyDFoGtvYmVybmU=?= <nejc@skoberne.net> Cc: User Questions <freebsd-questions@freebsd.org>, Hugo Silva <hugo@barafranca.com> Subject: Re: FreeBSD 7.0 jail and Samba 3 Message-ID: <480F2680.40000@clermont.cc> In-Reply-To: <480F243E.2010302@skoberne.net> References: <47F54BB3.1080801@skoberne.net><48071F0E.2020002@skoberne.net> <57200BF94E69E54880C9BB1AF714BBCB5DDDB1@w2003s01.double-l.local> <480DB0E2.3070202@skoberne.net><60553.203.127.42.92.1208860527.squirrel@www.superhero.nl> <480EFF60.3040901@skoberne.net> <57200BF94E69E54880C9BB1AF714BBCB5DDDDC@w2003s01.double-l.local> <480F0C68.9090804@skoberne.net> <480F22F5.5090206@barafranca.com> <480F243E.2010302@skoberne.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Nejc Škoberne wrote: > Hi, > >> I'm not sending this message to the list as I've not been following >> the discussion; I just skimmed thru it. > > I hope you don't mind that I sent it to the list too. > >> I would check too things, a) a firewall (sorry if this has been talked >> about, as I said I didn't read it all) or b) enable raw sockets in >> jails ( security.jail.allow_raw_sockets=1 ). >> >> Let me know if b) works, I plan to setup a samba server on ZFS inside >> a jail when I return home from my travels. > > a) I have no firewall whatsoever running. > b) FreeBSDhost# sysctl -a | grep raw_sockets > security.jail.allow_raw_sockets: 1 > > Thanks, > Nejc I have a samba3 jail serving files, and my sysctl security.jail.allow_raw_sockets=0 Raw sockets allow direct access to the network subsystem.From a security standpoint there's very little reason to allow this and many reasons not to.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?480F2680.40000>