Date: Mon, 03 Mar 2025 10:34:46 +0000
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 169751] [jail] reading routing information does not work in jails
Message-ID: <bug-169751-29815-jQCtUPhtg6@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-169751-29815@https.bugs.freebsd.org/bugzilla/>
References: <bug-169751-29815@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=169751

crest@rlwinm.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |crest@rlwinm.de

--- Comment #4 from crest@rlwinm.de ---
Processes attached to a vnet enabled jail can even write their jail's routing
tables according to their privileges. This needs proper documentation of the
intended behaviour with AF_ROUTE and netlink. For anyone writing tools that
jail_attach() jail_set(JAIL_ATTACH) themselves (e.g. adding a -j <jname> option
to an existing networking command) it would also be relevant what happens when
you create the socket before attaching. Would you be prevented from attaching to
the jail? Would you smuggle in the capability to read (or worse modify) the
parent/host networking? If the jail is assigned a FIB, is it possible to query
that FIB and make it the process's default FIB before or after attaching to the
jail?

-- 
You are receiving this mail because:
You are the assignee for the bug.