From owner-cvs-all  Sat Aug  4 15: 2:46 2001
Delivered-To: cvs-all@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2524337B401; Sat,  4 Aug 2001 15:02:43 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.4/8.11.4) with SMTP id f74M2df20395;
	Sat, 4 Aug 2001 18:02:39 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Sat, 4 Aug 2001 18:02:38 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Adrian Chadd <adrian@FreeBSD.org>
Cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_jail.c
In-Reply-To: <20010804182331.A67466@ywing.creative.net.au>
Message-ID: <Pine.NEB.3.96L.1010804180200.20389A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


I have approval from the RE to MFC this in the next few days -- if you
have the opportunity to test that it resolves the problem you're
experiencing, and doesn't introduce new problems, that would be great to
hear about.



Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Sat, 4 Aug 2001, Adrian Chadd wrote:

> On Fri, Aug 03, 2001, Robert Watson wrote:
> > rwatson     2001/08/03 11:21:06 PDT
> > 
> >   Modified files:
> >     sys/kern             kern_jail.c 
> >   Log:
> >   Anton kindly pointed out (and fixed) a bug in the Jail handling of the
> >   bind() call on IPv4 sockets:
> >   
> >     Currently, if one tries to bind a socket using INADDR_LOOPBACK inside a
> >     jail, it will fail because prison_ip() does not take this possibility
> >     into account.  On the other hand, when one tries to connect(), for
> >     example, to localhost, prison_remote_ip() will silently convert
> >     INADDR_LOOPBACK to the jail's IP address.  Therefore, it is desirable to
> >     make bind() to do this implicit conversion as well.
> >   
> >     Apart from this, the patch also replaces 0x7f000001 in
> >     prison_remote_ip() to a more correct INADDR_LOOPBACK.
> >   
> >   This is a 4.4-RELEASE "during the freeze, thanks" MFC candidate.
> 
> Cool!
> 
> I was hoping this would go in - it fixes a problem with running squid
> in a jail (the helper apps want to use 127.0.0.1, but binding to them
> fails..)
> 
> 
> 
> Adrian
> 
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message