Date: Wed, 14 Oct 2020 19:00:19 -0300 From: carlos antonio neira bustos <cneirabustos@gmail.com> To: freebsd-net <freebsd-net@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Allow PING(8) in jails without raw socket access permissions Message-ID: <CACiB22jQTwR=yJQG8hxBuVU=xbn-rpJ1PZVQ=7xPzEV8en90=A@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello, I have currently a patch in review with jamie which is the current jail maintainer and kyle evans, if anyone else could comment/review this patch : https://reviews.freebsd.org/D26782 What has been done is the following : Raw socket access is allowed for ICMP protocol as is required by PING(8) but option IP_HDRINCL is not allowed. to accomplish this a new privilege PRIV_NETINET_ICMP_ACCESS has been added by default for jails. Bests
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACiB22jQTwR=yJQG8hxBuVU=xbn-rpJ1PZVQ=7xPzEV8en90=A>