From owner-freebsd-bugs@FreeBSD.ORG  Thu Jul 29 03:00:15 2010
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B79DD106564A
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 29 Jul 2010 03:00:15 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 6D6D48FC19
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 29 Jul 2010 03:00:15 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o6T30FjG009809
	for <freebsd-bugs@freefall.freebsd.org>; Thu, 29 Jul 2010 03:00:15 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o6T30FHp009808;
	Thu, 29 Jul 2010 03:00:15 GMT (envelope-from gnats)
Resent-Date: Thu, 29 Jul 2010 03:00:15 GMT
Resent-Message-Id: <201007290300.o6T30FHp009808@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	"Matthew N. Dodd" <mdodd@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7B2BA1065675
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 29 Jul 2010 02:52:09 +0000 (UTC)
	(envelope-from mdodd@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 6A0738FC15
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 29 Jul 2010 02:52:09 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o6T2q9QC009623
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 29 Jul 2010 02:52:09 GMT
	(envelope-from mdodd@freefall.freebsd.org)
Received: (from mdodd@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o6T2q9lU009622;
	Thu, 29 Jul 2010 02:52:09 GMT (envelope-from mdodd)
Message-Id: <201007290252.o6T2q9lU009622@freefall.freebsd.org>
Date: Thu, 29 Jul 2010 02:52:09 GMT
From: "Matthew N. Dodd" <mdodd@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: conf/149050: rcorder ``nojail'' too coarse for Jail+VNET 
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "Matthew N. Dodd" <mdodd@FreeBSD.org>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jul 2010 03:00:15 -0000


>Number:         149050
>Category:       conf
>Synopsis:       rcorder ``nojail'' too coarse for Jail+VNET
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 29 03:00:15 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Matthew N. Dodd
>Release:        
>Organization:
>Environment:
>Description:
	When using jail & vnet the init script KEYWORD ``nojail''
	is not fine grained enough to control selection of 
	startup scripts.
>How-To-Repeat:
	
>Fix:
	Patch exposes PR_VNET flag via sysctl 'security.jail.vnet'
	in the same manner as 'security.jail.jailed.'

	rc & rc.shutdown updated to emit 'nojailvnet' for jails
	without vnets.

	Select init scripts altered nojail->nojailvnet.

	
>Release-Note:
>Audit-Trail:
>Unformatted:
 Release:	FreeBSD 8.1-STABLE i386
 >System: FreeBSD neo-sasami.jurai.net 8.1-STABLE FreeBSD 8.1-STABLE #7: Wed Jul 28 21:31:22 EDT 2010     root@neo-sasami.jurai.net:/usr/src/sys/i386/compile/DL380G3  i386
 
 	<machine, os, target, libraries (multiple lines)>