Bug #1007

patch to add jail.allow_raw_sockets sysctl

Added by kevin.kane almost 6 years ago. Updated over 5 years ago.

Status: Closed
Start date:
Priority: Low
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -

Description

I've created this little diff that lets you specify whether or not you
want jails to allow raw sockets (I wanted it because I got tired of
ping not working from inside my jails). It defaults to the same
behavior as now, which is to not allow jails to create raw sockets.

http://www.kevinlkane.com/~kevin/allow_raw_sockets.diff

Thanks,
Kevin

History

#1 Updated by dillon almost 6 years ago

:I've created this little diff that lets you specify whether or not you
:want jails to allow raw sockets (I wanted it because I got tired of
:ping not working from inside my jails). It defaults to the same
:behavior as now, which is to not allow jails to create raw sockets.
:
:http://www.kevinlkane.com/~kevin/allow_raw_sockets.diff
:
:Thanks,
:Kevin
:--
:Kevin L. Kane
:kevin.kane at gmail.com

Committed!

-Matt
Matthew Dillon

#2 Updated by hsu1 almost 6 years ago

+ int flag;
+
+ flag = NULL_CRED_OKAY;
+
+ if( jailed(ai->p_ucred) && jail_allow_raw_sockets )
+ flag = flag | PRISON_ROOT;
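
Review bot: the `if( jailed(ai->p_ucred) && jail_allow_raw_sockets )` branch widens what a jailed credential is allowed to do, but nothing in the hunk says so. A one-line comment above the `if`, stating that PRISON_ROOT is added only when the jail.allow_raw_sockets sysctl is enabled and that the default leaves jails denied, would make the security effect clear to a later reader. The hunk also does not show where `flag` is consumed, so it is worth confirming that every raw-socket creation path uses this same value rather than a hard-coded NULL_CRED_OKAY. Minor: `flag = flag | PRISON_ROOT;` reads more simply as `flag |= PRISON_ROOT;`.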

Slight style corrections:

    int flag = NULL_CRED_OKAY;

    if (jailed(ai->p_ucred) && jail_allow_raw_sockets)
        flag = flag | PRISON_ROOT;

#3 Updated by dillon almost 6 years ago

:
:Slight style corrections:
:
:    int flag = NULL_CRED_OKAY;
:
:    if (jailed(ai->p_ucred) && jail_allow_raw_sockets)
:        flag = flag | PRISON_ROOT;
:

Plus I also forgot the ipv6 part of the patch. I adjusted it but
I used a slightly different format.

-Matt
Matthew Dillon