Date: Thu, 18 Oct 2018 15:14:42 -0700 From: Julian Elischer <julian@freebsd.org> To: Jamie Gritton <jamie@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: Re: svn commit: r339411 - stable/11/sys/kern Message-ID: <e5b40f8b-6ac1-54bf-073f-ffc7cb95d574@freebsd.org> In-Reply-To: <201810171617.w9HGHvVx031753@repo.freebsd.org> References: <201810171617.w9HGHvVx031753@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 17/10/18 9:17 am, Jamie Gritton wrote: > Author: jamie > Date: Wed Oct 17 16:17:57 2018 > New Revision: 339411 > URL: https://svnweb.freebsd.org/changeset/base/339411 > > Log: > MFC r339211: > > Fix the test prohibiting jails from sharing IP addresses. > > It's not supposed to be legal for two jails to contain the same IP address, > unless both jails contain only that one address. This is the behavior > documented in jail(8), and is there to prevent confusion when multiple > jails are listening on IADDR_ANY. > > VIMAGE jails (now the default for GENERIC kernels) test this correctly, > but non-VIMAGE jails have been performing an incomplete test when nested > jails are used. I think VIMAGE Jails should be able to have the same address optionally.. who says they are even in the same universe? > > Modified: > stable/11/sys/kern/kern_jail.c > Directory Properties: > stable/11/ (props changed) > > Modified: stable/11/sys/kern/kern_jail.c > ============================================================================== > --- stable/11/sys/kern/kern_jail.c Wed Oct 17 16:17:56 2018 (r339410) > +++ stable/11/sys/kern/kern_jail.c Wed Oct 17 16:17:57 2018 (r339411) > @@ -1411,11 +1411,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i > * there is a duplicate on a jail with more than one > * IP stop checking and return error. > */ > - tppr = ppr; > #ifdef VIMAGE > - for (; tppr != &prison0; tppr = tppr->pr_parent) > + for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent) > if (tppr->pr_flags & PR_VNET) > break; > +#else > + tppr = &prison0; > #endif > FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) { > if (tpr == pr || > @@ -1478,11 +1479,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i > } > } > /* Check for conflicting IP addresses. */ > - tppr = ppr; > #ifdef VIMAGE > - for (; tppr != &prison0; tppr = tppr->pr_parent) > + for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent) > if (tppr->pr_flags & PR_VNET) > break; > +#else > + tppr = &prison0; > #endif > FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) { > if (tpr == pr || > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e5b40f8b-6ac1-54bf-073f-ffc7cb95d574>