Date: Sat, 3 Jun 2000 21:28:32 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_jail.c kern_resource.c uipc_socket.c src/sys/sys jail.h Message-ID: <200006040428.VAA36897@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2000/06/03 21:28:32 PDT
Modified files:
sys/kern kern_jail.c kern_resource.c uipc_socket.c
sys/sys jail.h
Log:
o Modify jail to limit creation of sockets to UNIX domain sockets,
TCP/IP (v4) sockets, and routing sockets. Previously, interaction
with IPv6 was not well-defined, and might be inappropriate for some
environments. Similarly, sysctl MIB entries providing interface
information also give out only addresses from those protocol domains.
For the time being, this functionality is enabled by default, and
toggleable using the sysctl variable jail.socket_unixiproute_only.
In the future, protocol domains will be able to determine whether or
not they are ``jail aware''.
o Further limitations on process use of getpriority() and setpriority()
by jailed processes. Addresses problem described in kern/17878.
Reviewed by: phk, jmg
Revision Changes Path
1.7 +9 -2 src/sys/kern/kern_jail.c
1.56 +14 -6 src/sys/kern/kern_resource.c
1.73 +10 -1 src/sys/kern/uipc_socket.c
1.9 +2 -1 src/sys/sys/jail.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006040428.VAA36897>