From owner-freebsd-jail@FreeBSD.ORG Fri May 28 02:02:34 2010 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2667D106566C for ; Fri, 28 May 2010 02:02:34 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-yw0-f190.google.com (mail-yw0-f190.google.com [209.85.211.190]) by mx1.freebsd.org (Postfix) with ESMTP id CF31E8FC12 for ; Fri, 28 May 2010 02:02:33 +0000 (UTC) Received: by ywh28 with SMTP id 28so361117ywh.28 for ; Thu, 27 May 2010 19:02:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=/4vgkCq/eL+LaUhehm9WY1OoJDwbXC59vfOsSP6uiRo=; b=RVOzub+RHRuKe8ImkJFfcbi9JltZ/M2EgTCrpe5wBcCBkACzsgRmQhECivMfl/kdeW AO9UBP5geT5Dba2BenxpOGsVBZPDRrl3z4ifeyJh09sIkX7cPHLf64wB9etYBmrjTjjC 7lL/FJfAFnrWFCK1+CfGoKDXV6DjVejDEjKl4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=Jybms3/+MParXzUjFaf+yrMjBNN//XHEdVYA19lstilDFPbr9zRwzW3M9RYqKsWULf SVo56bK/qLNxjsI998b0lAB6jyf9cfwVEzr4Cbvtskl87y7KXD933j396cug/9uV8Wr+ lJQem/mbpcUENkPNvDD9twcfXsN2Pm/INHjIo= Received: by 10.231.158.130 with SMTP id f2mr2463829ibx.40.1275010304417; Thu, 27 May 2010 18:31:44 -0700 (PDT) Received: from centel.dataix.local (adsl-99-19-40-41.dsl.klmzmi.sbcglobal.net [99.19.40.41]) by mx.google.com with ESMTPS id f1sm8240232ibg.9.2010.05.27.18.31.43 (version=SSLv3 cipher=RC4-MD5); Thu, 27 May 2010 18:31:43 -0700 (PDT) Sender: "J. Hellenthal" Message-ID: <4BFF1CFD.1010108@dataix.net> Date: Thu, 27 May 2010 21:31:41 -0400 From: jhell User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.9) Gecko/20100515 Thunderbird MIME-Version: 1.0 To: Glen Barber References: <20100525175412.GA75052@orion.glenbarber.us> In-Reply-To: <20100525175412.GA75052@orion.glenbarber.us> X-Enigmail-Version: 1.0.1 OpenPGP: id=89D8547E Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: jail@freebsd.org Subject: Re: jail(8) allow.socket_af, unknown oid X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 May 2010 02:02:34 -0000 On 05/25/2010 13:54, Glen Barber wrote: > Hi, > > The jail(8) man page has an entry under 'allow.*', allow.socket_af, which > states to allow access to protocol stacks that have not had jail functionality > added to them. > > However, though socket_af exists in sys/kern/kern_jail.c, the sysctl itself > does not exist on my system: > > orion# sysctl -a | grep socket > kern.ipc.maxsockets: 25600 > kern.ipc.numopensockets: 35 > security.jail.allow_raw_sockets: 0 > security.jail.socket_unixiproute_only: 1 > > Is this sysctl missing, or is it not a tunable? > > Regards, > sysctl -A security.jail.param.allow Please see -A option to sysctl(1) Although doing anything with the output from that probably will not help you much. -- jhell