From owner-cvs-all@FreeBSD.ORG Mon Apr 26 12:46:53 2004
Message-Id: <200404261946.i3QJkqTK090160@repoman.freebsd.org>
From: Bosko Milekic
Date: Mon, 26 Apr 2004 12:46:52 -0700 (PDT)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/kern kern_jail.c src/sys/net rtsock.c src/sys/netinet raw_ip.c src/sys/sys jail.h

bmilekic    2004/04/26 12:46:52 PDT

  FreeBSD src repository

  Modified files:
    sys/kern             kern_jail.c
    sys/net              rtsock.c
    sys/netinet          raw_ip.c
    sys/sys              jail.h
  Log:
  Give jail(8) the feature to allow raw sockets from within a
  jail, which is less restrictive but allows for more flexible
  jail usage (for those who are willing to make the sacrifice).
  The default is off, but allowing raw sockets within jails can
  now be accomplished by tuning security.jail.allow_raw_sockets
  to 1.

  Turning this on will allow you to use things like ping(8)
  or traceroute(8) from within a jail.

  The patch being committed is not identical to the patch
  in the PR.  The committed version is more friendly to
  APIs which pjd is working on, so it should integrate
  into his work quite nicely.  This change has also been
  presented and addressed on the freebsd-hackers mailing
  list.

  Submitted by: Christian S.J. Peron
  PR: kern/65800

  Revision  Changes    Path
  1.42      +5 -0      src/sys/kern/kern_jail.c
  1.108     +13 -2     src/sys/net/rtsock.c
  1.129     +31 -2     src/sys/netinet/raw_ip.c
  1.21      +1 -0      src/sys/sys/jail.h