From owner-freebsd-arch  Sat Apr 28 17: 2:32 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from sasami.jurai.net (sasami.jurai.net [64.0.106.45])
	by hub.freebsd.org (Postfix) with ESMTP
	id 623E937B423; Sat, 28 Apr 2001 17:02:24 -0700 (PDT)
	(envelope-from scanner@jurai.net)
Received: from localhost (scanner@localhost)
	by sasami.jurai.net (8.9.3/8.8.7) with ESMTP id UAA85197;
	Sat, 28 Apr 2001 20:02:23 -0400 (EDT)
Date: Sat, 28 Apr 2001 20:02:23 -0400 (EDT)
From: <scanner@jurai.net>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: jailNG 
In-Reply-To: <Pine.NEB.3.96L.1010428195253.89482E-100000@fledge.watson.org>
Message-ID: <Pine.BSF.4.21.0104281956430.85066-100000@sasami.jurai.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 28 Apr 2001, Robert Watson wrote:

> The jail() code doesn't allow user applications to open raw sockets
> permitting direct use of ICMP by user processes, but all of the normal use
> of ICMP by the network stack directly is uninhibited.  This means that
> things like PMTU discovery work just fine, but applications such as ping
> do not work in jail().  It's possible to imagine modifications to the raw
> socket behavior that might permit use of it from within jail(), but
> there's a whole can of worms there that we're not willing to spend too
> much time on at this point.

Ok. I wasn't sure. I couldnt believe it would block
ICMP. I knew there was a logical system with its behaviour. I actually
like the current way then. I see jail as a virtual hosting env. more then
anything else. Thanks for the explanation.

=============================================================================
-Chris Watson         (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek 
Work:              scanner@jurai.net | Open Systems Inc., Wellington, Kansas
Home:  scanner@deceptively.shady.org | http://open-systems.net
=============================================================================
WINDOWS: "Where do you want to go today?"
LINUX: "Where do you want to go tomorrow?"
BSD: "Are you guys coming or what?"
=============================================================================
irc.openprojects.net #FreeBSD -Join the revolution!
ICQ: 20016186


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message