From owner-freebsd-jail@FreeBSD.ORG  Tue May 25 18:22:47 2010
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6A955106567E
	for <jail@freebsd.org>; Tue, 25 May 2010 18:22:47 +0000 (UTC)
	(envelope-from glen.j.barber@gmail.com)
Received: from mail-fx0-f54.google.com (mail-fx0-f54.google.com
	[209.85.161.54])
	by mx1.freebsd.org (Postfix) with ESMTP id EE3CF8FC18
	for <jail@freebsd.org>; Tue, 25 May 2010 18:22:46 +0000 (UTC)
Received: by fxm17 with SMTP id 17so686985fxm.13
	for <jail@freebsd.org>; Tue, 25 May 2010 11:22:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:date:from:to:subject
	:message-id:mime-version:content-type:content-disposition:user-agent;
	bh=X52iWn47WELgH5RI0A5vSySS8PcMIa1LunGgUI6sjAc=;
	b=W7p6ZYtiUE9xqHG6xcDdbQRrEpXQvAu7aeB9iHq1cVnR+RqYvOPX4McZIL6jMfgwlz
	GRjPzdts19bjymoF/Cg4UgB6+grpAesC2OAN0CqrLMDlXbB2aWm/jDZOxp4oxbm9q2Gg
	Uv5lM7Cj87VY1xqcfFXY8FHQOh6YAbmFhS0xY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=date:from:to:subject:message-id:mime-version:content-type
	:content-disposition:user-agent;
	b=ITr9I+/Gj+G7O4s0Hn/XB86qbURzXraKLSEyrZxLKlXjl/Wok73ToZskEJetpjOiix
	FIXGVWafPnQ5qzjnOrIQJ0NzjXfTgM/807XaZLD2qpKziH8GeHeVtk4tZ3Uhc+DCUvNq
	0CLd4rC+cLtkt2slnm4RgW6w6ICvpFKvJlh84=
Received: by 10.223.63.76 with SMTP id a12mr6604868fai.10.1274810273802;
	Tue, 25 May 2010 10:57:53 -0700 (PDT)
Received: from orion.glenbarber.us (c-71-230-240-241.hsd1.pa.comcast.net
	[71.230.240.241])
	by mx.google.com with ESMTPS id 15sm25833174fad.22.2010.05.25.10.57.50
	(version=SSLv3 cipher=RC4-MD5); Tue, 25 May 2010 10:57:52 -0700 (PDT)
Date: Tue, 25 May 2010 13:54:12 -0400
From: Glen Barber <glen.j.barber@gmail.com>
To: jail@freebsd.org
Message-ID: <20100525175412.GA75052@orion.glenbarber.us>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: 
Subject: jail(8) allow.socket_af, unknown oid
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 May 2010 18:22:47 -0000

Hi,

The jail(8) man page has an entry under 'allow.*', allow.socket_af, which
states to allow access to protocol stacks that have not had jail functionality
added to them.

However, though socket_af exists in sys/kern/kern_jail.c, the sysctl itself
does not exist on my system:

    orion# sysctl -a | grep socket
    kern.ipc.maxsockets: 25600
    kern.ipc.numopensockets: 35
    security.jail.allow_raw_sockets: 0
    security.jail.socket_unixiproute_only: 1

Is this sysctl missing, or is it not a tunable?

Regards,

-- 
Glen Barber