Date:      Sat, 13 Sep 2014 18:54:15 +0000 (UTC)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r271545 - in head/etc: . rc.d
Message-ID:  <201409131854.s8DIsF8W084145@svn.freebsd.org>

Author: hrs
Date: Sat Sep 13 18:54:15 2014
New Revision: 271545
URL: http://svnweb.freebsd.org/changeset/base/271545

Log:
  Do not set net.inet.ip.{sourceroute,accept_sourceroute} in a vnet jail.
  The following warnings were displayed:
  
   sysctl: net.inet.ip.sourceroute=0: Operation not permitted
   sysctl: net.inet.ip.accept_sourceroute=0: Operation not permitted

Modified:
  head/etc/rc.d/routing
  head/etc/rc.subr

Modified: head/etc/rc.d/routing
==============================================================================
--- head/etc/rc.d/routing	Sat Sep 13 18:41:24 2014	(r271544)
+++ head/etc/rc.d/routing	Sat Sep 13 18:54:15 2014	(r271545)
@@ -326,20 +326,22 @@ options_inet()
 		${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
 	fi
 
-	if checkyesno forward_sourceroute; then
-		ropts_init inet
-		echo -n ' do source routing=YES'
-		${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
-	else
-		${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
-	fi
-
-	if checkyesno accept_sourceroute; then
-		ropts_init inet
-		echo -n ' accept source routing=YES'
-		${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
-	else
-		${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
+	if ! check_jail vnet; then
+		if checkyesno forward_sourceroute; then
+			ropts_init inet
+			echo -n ' do source routing=YES'
+			${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
+		else
+			${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
+		fi
+
+		if checkyesno accept_sourceroute; then
+			ropts_init inet
+			echo -n ' accept source routing=YES'
+			${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
+		else
+			${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
+		fi
 	fi
 
 	if checkyesno arpproxy_all; then
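Review bot: Inside a vnet jail the new `if ! check_jail vnet` guard skips both source-routing blocks silently, so `forward_sourceroute` and `accept_sourceroute` from rc.conf have no effect there, including the `=0` branches that switch source routing off. An operator who relies on those knobs as hardening gets no indication that the jail's value was left untouched; a comment above the guard such as `# vnet jails cannot set these MIBs (EPERM); the value in effect is not controlled here` would record that, and a `warn` when either knob is YES but skipped would make the ignored setting visible. What the effective values are inside the jail cannot be told from this hunk. options_inet() begins and ends outside the hunk.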

Modified: head/etc/rc.subr
==============================================================================
--- head/etc/rc.subr	Sat Sep 13 18:41:24 2014	(r271544)
+++ head/etc/rc.subr	Sat Sep 13 18:54:15 2014	(r271545)
@@ -1966,6 +1966,22 @@ check_required_after()
 	return 0
 }
 
+# check_jail mib
+#	Return true if security.jail.$mib exists and set to 1.
+
+check_jail()
+{
+	local _mib _v
+
+	_mib=$1
+	if _v=$(${SYSCTL_N} "security.jail.$_mib" 2> /dev/null); then
+		case $_v in
+		1)	return 0;;
+		esac
+	fi
+	return 1
+}
+
 # check_kern_features mib
 #	Return existence of kern.features.* sysctl MIB as true or
 #	false.  The result will be cached in $_rc_cache_kern_features_
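Review bot: The header comment for check_jail() does not say that a failed lookup is reported the same way as a value of 0: with stderr discarded, an unknown or unreadable `security.jail.$_mib` falls through to `return 1`. For the guard added in rc.d/routing that is the conservative direction, since the sysctl writes are then still attempted and any error is printed, but a caller using the helper to decide whether a jail restriction applies should know it. Suggested wording: `#	Return true if security.jail.$mib exists and is set to 1; a missing MIB or a failed read returns false.`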


