RFC: Enabling VIMAGE in GENERIC
Bjoern A. Zeeb
bz at FreeBSD.org
Wed Nov 19 14:05:41 UTC 2014
On 19 Nov 2014, at 03:28 , Craig Rodrigues <rodrigc at FreeBSD.org> wrote:
>
> (6) Ask clusteradm to run one of the machines they use
> for PF firewalls + IPv6 with a VIMAGE enabled kernel, and provide
> feedback.
For people to use pf with VIMAGE we first MUST have the security fix imported that I pointed out a couple of times in the past.
It won’t matter on the firewalls with just a VIMAGE enabled kernel but using VIMAGE + pf inside a jail (once that really works if it doesn’t already) will allow everyone how can administer pf inside the jail to take over the entire machine otherwise.
—
Bjoern A. Zeeb "Come on. Learn, goddamn it.", WarGames, 1983
More information about the freebsd-net
mailing list