Bug #1007
closedpatch to add jail.allow_raw_sockets sysctl
0%
Description
Ive created this little diff that lets you specify whether or not you
want jails to allow raw sockets(I wanted it because I got tired of
ping not working from inside my jails). It defaults to the same
behavior as now which is to not allow jails to create raw sockets.
http://www.kevinlkane.com/~kevin/allow_raw_sockets.diff
Thanks,
Kevin
Updated by dillon over 16 years ago
:Ive created this little diff that lets you specify whether or not you
:want jails to allow raw sockets(I wanted it because I got tired of
:ping not working from inside my jails). It defaults to the same
:behavior as now which is to not allow jails to create raw sockets.
:
:http://www.kevinlkane.com/~kevin/allow_raw_sockets.diff
:
:Thanks,
:Kevin
:--
:Kevin L. Kane
:kevin.kane at gmail.com
Committed!
-Matt
Matthew Dillon
<dillon@backplane.com>
Updated by hsu1 over 16 years ago
+ int flag;
flag = NULL_CRED_OKAY;
if( jailed(ai->p_ucred) && jail_allow_raw_sockets )
+ flag = flag | PRISON_ROOT;
Slight style corrections:
int flag = NULL_CRED_OKAY;
if (jailed(ai->p_ucred) && jail_allow_raw_sockets)
flag = flag | PRISON_ROOT;
Updated by dillon over 16 years ago
:
:Slight style corrections:
:
: int flag = NULL_CRED_OKAY;
:
: if (jailed(ai->p_ucred) && jail_allow_raw_sockets)
: flag = flag | PRISON_ROOT;
:
Plus I also forgot the ipv6 part of the patch. I adjusted it but
I used a slightly different format.
-Matt
Matthew Dillon
<dillon@backplane.com>