svn commit: r271545 - in head/etc: . rc.d
Hiroki Sato
hrs at FreeBSD.org
Sat Sep 13 18:54:17 UTC 2014
Author: hrs
Date: Sat Sep 13 18:54:15 2014
New Revision: 271545
URL: http://svnweb.freebsd.org/changeset/base/271545
Log:
Do not set net.inet.ip.{sourceroute,accept_sourceroute} in a vnet jail.
The following warnings were displayed:
sysctl: net.inet.ip.sourceroute=0: Operation not permitted
sysctl: net.inet.ip.accept_sourceroute=0: Operation not permitted
Modified:
head/etc/rc.d/routing
head/etc/rc.subr
Modified: head/etc/rc.d/routing
==============================================================================
--- head/etc/rc.d/routing Sat Sep 13 18:41:24 2014 (r271544)
+++ head/etc/rc.d/routing Sat Sep 13 18:54:15 2014 (r271545)
@@ -326,20 +326,22 @@ options_inet()
${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
fi
- if checkyesno forward_sourceroute; then
- ropts_init inet
- echo -n ' do source routing=YES'
- ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
- else
- ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
- fi
-
- if checkyesno accept_sourceroute; then
- ropts_init inet
- echo -n ' accept source routing=YES'
- ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
- else
- ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
+ if ! check_jail vnet; then
+ if checkyesno forward_sourceroute; then
+ ropts_init inet
+ echo -n ' do source routing=YES'
+ ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
+ else
+ ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
+ fi
+
+ if checkyesno accept_sourceroute; then
+ ropts_init inet
+ echo -n ' accept source routing=YES'
+ ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
+ else
+ ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
+ fi
fi
if checkyesno arpproxy_all; then
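Review bot: Inside a vnet jail the new `if ! check_jail vnet` guard skips both the YES and the NO branch silently, so a jail rc.conf that sets forward_sourceroute or accept_sourceroute gets neither the sysctl write nor any hint that the knob was ignored. The `=0` writes are the hardening default, so the guard should say why they are skipped, for example `# vnet jails may not write these MIBs (EPERM); the value in effect is not controlled by this script.` A `warn` when either knob is YES inside a vnet jail would also make the ignored setting visible to the jail's administrator. options_inet starts and ends outside this hunk, so any earlier handling of the jail case is not visible here.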
Modified: head/etc/rc.subr
==============================================================================
--- head/etc/rc.subr Sat Sep 13 18:41:24 2014 (r271544)
+++ head/etc/rc.subr Sat Sep 13 18:54:15 2014 (r271545)
@@ -1966,6 +1966,22 @@ check_required_after()
return 0
}
+# check_jail mib
+# Return true if security.jail.$mib exists and set to 1.
+
+check_jail()
+{
+ local _mib _v
+
+ _mib=$1
+ if _v=$(${SYSCTL_N} "security.jail.$_mib" 2> /dev/null); then
+ case $_v in
+ 1) return 0;;
+ esac
+ fi
+ return 1
+}
+
# check_kern_features mib
# Return existence of kern.features.* sysctl MIB as true or
# false. The result will be cached in $_rc_cache_kern_features_
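Review bot: The header comment on check_jail does not mention the failure path: stderr is discarded and every outcome other than a successful read of the value 1 falls through to `return 1`. Callers written as `! check_jail vnet` therefore treat a missing MIB or a failed sysctl call as "not in a vnet jail" and go on to attempt the privileged writes. That looks like the intended direction, but it should be stated, e.g. `# Return true if security.jail.$mib exists and is set to 1.` followed by `# A missing MIB or a failed sysctl read returns false.` An empty `$1` presumably ends up in the same false branch, which the comment could note as well.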