Date: Mon, 09 Oct 2006 23:11:02 +0200 From: Michal Mertl <mime@traveller.cz> To: freebsd-current <freebsd-current@freebsd.org> Cc: rwatson@freebsd.org Subject: Little patch to mac_portacl(4) Message-ID: <1160428262.1009.58.camel@genius.i.cz>
next in thread | raw e-mail | index | archive | help
--=-U5+5Dmb17NrSoP0dw7du Content-Type: text/plain Content-Transfer-Encoding: 7bit Hello, I have just found out that mac_portacl breaks root binding of low ports in a jail. I think that root in a jail should be allowed to bind to protected ports. Alternatively it can be easily made optional. What do you think? One-line patch attached. Regards Michal --=-U5+5Dmb17NrSoP0dw7du Content-Disposition: attachment; filename=mac_portacl.diff Content-Type: text/x-patch; name=mac_portacl.diff; charset=ISO-8859-2 Content-Transfer-Encoding: 7bit Index: mac_portacl.c =================================================================== RCS file: /home/fcvs/cvs/src/sys/security/mac_portacl/mac_portacl.c,v retrieving revision 1.8 diff -u -r1.8 mac_portacl.c --- mac_portacl.c 31 Oct 2005 15:41:28 -0000 1.8 +++ mac_portacl.c 9 Oct 2006 20:55:28 -0000 @@ -427,7 +427,7 @@ mtx_unlock(&rule_mtx); if (error != 0 && mac_portacl_suser_exempt != 0) - error = suser_cred(cred, 0); + error = suser_cred(cred, SUSER_ALLOWJAIL); return (error); } --=-U5+5Dmb17NrSoP0dw7du--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1160428262.1009.58.camel>