Anyone interested in jail patches?
Frank Behrens
frank at harz.behrens.de
Thu Nov 27 13:18:45 PST 2008
Hi Bjoern,
thanks for the good news!
Bjoern A. Zeeb <bzeeb-lists at lists.zabbadoz.net> wrote on 26 Nov 2008 23:56:
> 2b) for RELENG_7:
> http://people.freebsd.org/~bz/bz_jail7-20081126-02-at153644.diff
I already used your patch from May 2008 in production without any
problems. The update was no problem, your patch applied cleanly to
current sources.
Until now I could not see any regression in jail handling compared to
the version from May, so I would say: good work. (Source address
handling is another topic and another thread.)
There is still a question left: In an earlier version we had a sysctl
security.jail.jailed_sockets_first. This sysctl was removed, so I
assume it is "built-in" now, eventually I did not see any problems.
On the other side I still read in the patched jail(2) man page:
"Similarly, it might be a good idea to add an address alias flag such
that daemons listening on all IPs (INADDR_ANY) will not bind on that
address...". Can you explain the current behaviour?
I did not test your patch with multiple IPv4 addresses, but jails are
working well with an IPv4 and IPv6 address. I would like to see this
functionality in RELENG_7.
Thanks again for your good work, I believe many FreeBSD users will
appreciate this long missed feature.
Frank
--
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.