From owner-freebsd-questions@FreeBSD.ORG  Tue Feb 18 20:38:52 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C12DCF56
 for <freebsd-questions@freebsd.org>; Tue, 18 Feb 2014 20:38:52 +0000 (UTC)
Received: from m2.gritton.org (gritton.org [199.192.164.235])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9DAD61206
 for <freebsd-questions@freebsd.org>; Tue, 18 Feb 2014 20:38:51 +0000 (UTC)
Received: from [192.168.0.34] (c-50-168-192-61.hsd1.ut.comcast.net
 [50.168.192.61]) (authenticated bits=0)
 by m2.gritton.org (8.14.7/8.14.7) with ESMTP id s1IKcpDX047240;
 Tue, 18 Feb 2014 13:38:51 -0700 (MST)
 (envelope-from jamie@freebsd.org)
Message-ID: <5303C4D5.80007@freebsd.org>
Date: Tue, 18 Feb 2014 13:38:45 -0700
From: James Gritton <jamie@freebsd.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: security.jail.param.allow.socket_af=1
References: <CAJxePNJZaVF42iQ+iFr=wcB6UEg7UToQV-pc26kXOvccx_SgZA@mail.gmail.com>
In-Reply-To: <CAJxePNJZaVF42iQ+iFr=wcB6UEg7UToQV-pc26kXOvccx_SgZA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: alexus <alexus@gmail.com>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Feb 2014 20:38:52 -0000

On 2/16/2014 2:15 PM, alexus wrote:
> I'm trying to change following and for whatever reason it won't allow me to
> do so:
>
> root@fx:~ # sysctl security.jail.param.allow.socket_af=1
> security.jail.param.allow.socket_af: 0 -> 0
> root@fx:~ #
>
> any ideas?
> Thanks!

The security.jail.param.* sysctls are informational only - and the
only information they provide is the names and types of the jail
parameters (which is used by jail(8)).  Instead of trying to set the
sysctl as some sort of global value, you want to instead set the
parameter itself.  Whether inside a jail definition, or perhaps as a
global outside of any jail definitions, you should include:

allow.socket_af;

in /etc/jail.conf.  See jail(8) and jail.conf(5) for the background on this.

- Jamie