Date: Wed, 19 Nov 2014 14:05:29 +0000 From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: Craig Rodrigues <rodrigc@FreeBSD.org> Cc: FreeBSD Net <freebsd-net@freebsd.org>, "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>, freebsd-arch <freebsd-arch@freebsd.org> Subject: Re: RFC: Enabling VIMAGE in GENERIC Message-ID: <362F742A-BA6F-483A-947C-62D4C5510F31@FreeBSD.org> In-Reply-To: <CAG=rPVeEEuK874g6%2BfVpHa5J_4V%2BA%2BQNbB5bCpXiS86jZW_U3Q@mail.gmail.com> References: <CAG=rPVccq7R5%2Bcbm6nR1WCZDM=-xwwkmF=cw8PCuk58oHPA-gQ@mail.gmail.com> <1423616F-F44D-47E5-8595-DE862DC04464@bsdimp.com> <546A34C8.6060004@freebsd.org> <CAG=rPVeEEuK874g6%2BfVpHa5J_4V%2BA%2BQNbB5bCpXiS86jZW_U3Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 19 Nov 2014, at 03:28 , Craig Rodrigues <rodrigc@FreeBSD.org> wrote: >=20 > (6) Ask clusteradm to run one of the machines they use > for PF firewalls + IPv6 with a VIMAGE enabled kernel, and provide > feedback. For people to use pf with VIMAGE we first MUST have the security fix = imported that I pointed out a couple of times in the past. It won=92t matter on the firewalls with just a VIMAGE enabled kernel but = using VIMAGE + pf inside a jail (once that really works if it doesn=92t = already) will allow everyone how can administer pf inside the jail to = take over the entire machine otherwise. =97=20 Bjoern A. Zeeb "Come on. Learn, goddamn it.", WarGames, 1983
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?362F742A-BA6F-483A-947C-62D4C5510F31>