Project

General

Profile

Actions

Bug #1007

closed

patch to add jail.allow_raw_sockets sysctl

Added by kevin.kane over 13 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Low
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Ive created this little diff that lets you specify whether or not you
want jails to allow raw sockets(I wanted it because I got tired of
ping not working from inside my jails). It defaults to the same
behavior as now which is to not allow jails to create raw sockets.

http://www.kevinlkane.com/~kevin/allow_raw_sockets.diff

Thanks,
Kevin

Actions #1

Updated by dillon over 13 years ago

:Ive created this little diff that lets you specify whether or not you
:want jails to allow raw sockets(I wanted it because I got tired of
:ping not working from inside my jails). It defaults to the same
:behavior as now which is to not allow jails to create raw sockets.
:
:http://www.kevinlkane.com/~kevin/allow_raw_sockets.diff
:
:Thanks,
:Kevin
:--
:Kevin L. Kane
:kevin.kane at gmail.com

Committed!
-Matt
Matthew Dillon
<>
Actions #2

Updated by hsu1 over 13 years ago

+ int flag;

flag = NULL_CRED_OKAY;

if( jailed(ai->p_ucred) && jail_allow_raw_sockets )
+ flag = flag | PRISON_ROOT;

Slight style corrections:

int flag = NULL_CRED_OKAY;
if (jailed(ai->p_ucred) && jail_allow_raw_sockets)
flag = flag | PRISON_ROOT;
Actions #3

Updated by dillon over 13 years ago

:
:Slight style corrections:
:
: int flag = NULL_CRED_OKAY;
:
: if (jailed(ai->p_ucred) && jail_allow_raw_sockets)
: flag = flag | PRISON_ROOT;
:

Plus I also forgot the ipv6 part of the patch.  I adjusted it but
I used a slightly different format.
-Matt
Matthew Dillon
<>
Actions

Also available in: Atom PDF