Bug #1007

patch to add jail.allow_raw_sockets sysctl

Added by kevin.kane about 5 years ago. Updated almost 5 years ago.

Status: Closed
Priority: Low
Assignee: -
Category: -
Target version: -
Start date:
Due date:
% Done: 0%

Description

I've created this little diff that lets you specify whether or not you
want jails to allow raw sockets (I wanted it because I got tired of
ping not working from inside my jails). It defaults to the same
behavior as now which is to not allow jails to create raw sockets.

http://www.kevinlkane.com/~kevin/allow_raw_sockets.diff

Thanks,
Kevin


History

Updated by dillon about 5 years ago

:I've created this little diff that lets you specify whether or not you
:want jails to allow raw sockets (I wanted it because I got tired of
:ping not working from inside my jails). It defaults to the same
:behavior as now which is to not allow jails to create raw sockets.
:
:http://www.kevinlkane.com/~kevin/allow_raw_sockets.diff
:
:Thanks,
:Kevin
:--
:Kevin L. Kane
:kevin.kane at gmail.com

Committed!

-Matt
Matthew Dillon
<dillon@backplane.com>

Updated by hsu1 about 5 years ago

+ int flag;
+
+ flag = NULL_CRED_OKAY;
+
+ if( jailed(ai->p_ucred) && jail_allow_raw_sockets )
+ flag = flag | PRISON_ROOT;
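
Review bot: in the `if( jailed(ai->p_ucred) && jail_allow_raw_sockets )` test, jail_allow_raw_sockets reads as a single system-wide switch, so turning it on adds PRISON_ROOT to the flag for every jailed credential rather than for one chosen jail. The sysctl description should say that, and should state that root in any jail gains raw sockets in general, which is wider than the ping use case given in the report. The OR on the last line can be written `flag |= PRISON_ROOT;`.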

Slight style corrections:

int flag = NULL_CRED_OKAY;

if (jailed(ai->p_ucred) && jail_allow_raw_sockets)
	flag = flag | PRISON_ROOT;

Updated by dillon about 5 years ago

:
:Slight style corrections:
:
: int flag = NULL_CRED_OKAY;
:
: if (jailed(ai->p_ucred) && jail_allow_raw_sockets)
:	flag = flag | PRISON_ROOT;
:

Plus I also forgot the IPv6 part of the patch. I adjusted it but
I used a slightly different format.

-Matt
Matthew Dillon
<dillon@backplane.com>
