From: "Bjoern A. Zeeb"
Date: Mon, 28 Dec 2009 14:40:58 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: RELENG_8
Subject: cvs commit: src/sys/kern kern_jail.c src/sys/net rtsock.c src/sys/netinet raw_ip.c src/sys/netinet6 raw_ip6.c src/sys/sys jail.h

bz          2009-12-28 14:40:58 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_8)
    sys/kern             kern_jail.c
    sys/net              rtsock.c
    sys/netinet          raw_ip.c
    sys/netinet6         raw_ip6.c
    sys/sys              jail.h
  Log:
  SVN rev 201128 on 2009-12-28 14:40:58Z by bz

  MFC r200473:

    Throughout the network stack we have a few places of
    if (jailed(cred))
    left. If you are running with a vnet (virtual network stack) those will
    return true and defer you to classic IP-jails handling and thus things
    will be "denied" or returned with an error.

    Work around this problem by introducing another "jailed()" function,
    jailed_without_vnet(), that also takes vnets into account, and permits
    the calls, should the jail from the given cred have its own virtual
    network stack.

    We cannot change the classic jailed() call to do that, as it is used
    outside the network stack as well.

    Discussed with: julian, zec, jamie, rwatson (back in Sept)

  Revision   Changes    Path
  1.118.2.7  +24 -1     src/sys/kern/kern_jail.c
  1.181.2.5  +2 -2      src/sys/net/rtsock.c
  1.220.2.5  +2 -2      src/sys/netinet/raw_ip.c
  1.111.2.3  +1 -1      src/sys/netinet6/raw_ip6.c
  1.50.2.3   +1 -0      src/sys/sys/jail.h
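
The behaviour described in the log, as an added user-space model (not the FreeBSD kernel code and not part of this commit): it contrasts a network-stack check written with jailed() against the same check written with jailed_without_vnet(). Only those two function names come from the message; the struct types, the MODEL_PR_VNET flag and the netop_* call sites are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only: types, flag and call sites are assumptions. */
#define MODEL_PR_VNET 0x1u      /* jail has its own virtual network stack */

struct model_prison { unsigned flags; };
struct model_cred   { const struct model_prison *prison; /* NULL = host */ };

/* Classic check: true for any jail, with or without a vnet. */
static int jailed(const struct model_cred *cred)
{
    return cred->prison != NULL;
}

/* Check described in the log: a jail that owns a vnet is not treated
 * as jailed for network-stack decisions. */
static int jailed_without_vnet(const struct model_cred *cred)
{
    if (!jailed(cred))
        return 0;
    if (cred->prison->flags & MODEL_PR_VNET)
        return 0;
    return 1;
}

/* Hypothetical network-stack call site before and after the change. */
static int netop_before(const struct model_cred *c) { return jailed(c) ? EPERM : 0; }
static int netop_after(const struct model_cred *c)  { return jailed_without_vnet(c) ? EPERM : 0; }

/* Constructed sample credentials: host, classic IP jail, vnet jail. */
static const struct model_prison classic_jail = { 0 };
static const struct model_prison vnet_jail    = { MODEL_PR_VNET };
static const struct model_cred host_cred    = { NULL };
static const struct model_cred classic_cred = { &classic_jail };
static const struct model_cred vnet_cred    = { &vnet_jail };

int main(void)
{
    const struct model_cred *creds[] = { &host_cred, &classic_cred, &vnet_cred };
    const char *names[] = { "host", "classic jail", "vnet jail" };
    for (size_t i = 0; i < 3; i++)
        printf("%-12s jailed=%d before=%d after=%d\n", names[i],
            jailed(creds[i]), netop_before(creds[i]), netop_after(creds[i]));
    return 0;
}
```

In this model jailed() still reports the vnet jail as jailed, which is why callers outside the network stack keep their existing behaviour.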