From owner-freebsd-security@FreeBSD.ORG Thu Dec 22 09:27:51 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD25B16A424 for ; Thu, 22 Dec 2005 09:27:51 +0000 (GMT) (envelope-from marko.lerota@optima-telekom.hr) Received: from smtp.optima-telekom.hr (surf212.optima-telekom.hr [85.114.34.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id F275043D76 for ; Thu, 22 Dec 2005 09:27:42 +0000 (GMT) (envelope-from marko.lerota@optima-telekom.hr) Received: (qmail 20599 invoked by uid 1001); 22 Dec 2005 09:24:45 -0000 To: freebsd-security@freebsd.org Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJFBMVEWgnbRLVpRNVY9jMRPh s21jSlEyNVX45Mv4zI+sbUclFAtMVpT8V0lFAAACZ0lEQVR4nG3Tv2vbQBQHcFMogWyeNeVK BLXGl5j6xnABOaNTuXFGmWpwtw519yj4soW6AatT4GKD3+aDZrl/rt/Tr9qlGiz7Pn7v3bsf HVc/NrIiSfElqH53GgijcCqzk/+AmBF5cN0DsFlIRGMh/oHuqxkTM6VlzB4EoZEs2aSZOASb EQJYZpweQshE697GTDndBXtgp9LIT9+OpDGHEfb9knk+nx+jfN1JCVZMCl6XwFm0a2EXztZD 3s4fj47ZbKI2VeBmJImeEfGLJ+M9sDPilX7IB5rN6sdfcGhuoHU+LC4nxfnI7YOJtdb95Gb+ fbgJ2uJ2ZgaA++f5ZzBqNCCYfMTd5q0BfBVNqm7I8gUjQ+YtXotRW6PH9AEj+dKs/KuNQAl5 o/NY+QkonW8aQAl0oXMYPvRiXIM4pRJifbXytnhTA8alBx/jefG2ar3DBlt34/PXz9M+nMVN iNaPUdCApJc2ItejOmLGoK1qQLV9pJmXBnL10DYoBA5aHNfj8ZNwZa5O4CzgTJeilKJmrQJs IHIt1/7/Sg2p3iq/Hz0/5W05rq4M9aN2B5FLohUP4ylVyfxhEIjAs8J4PhIJ9U+CEroogib5 BXAf7bB4vkfAzgPFt1tM9sJZAOH+lCexhwswuNtim4QTZdokqo4o89LkH7V6iFxICeqfp+Wh fmUuGPunLj2Meti6Cn4DjJ/UReROqR+aqawAi/JkfgKE64rrfkhjU8MtT8ivR4S5n6Yo08A7 HvgAlHDWRSGlNSDxwK9HtXy4FS2I60EdUIJM+Ut9OZNJG4CpbEQW1VBQoQoPuBw2EVa4P0u0 TgzQF+VoAAAAAElFTkSuQmCC Organization: Unix Users - Fanatics Dept. X-Request-PGP: X-GNUPG-Fingerprint: CF5E 6862 2777 A471 5D2E 0015 8DA6 D56D 17E5 2A51 From: Marko Lerota Date: Thu, 22 Dec 2005 10:24:45 +0100 Message-ID: <8664ph32n6.fsf@redcloud.local> User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.17 (Jumbo Shrimp, berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: jails and sysctl in freebsd 6.0 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Dec 2005 09:27:52 -0000 Bug or something, look at this [~]# cat /etc/sysctl.conf security.jail.allow_raw_sockets=1 security.jail.set_hostname_allowed=0 [~]# sysctl -a | grep jail security.jail.set_hostname_allowed: 1 <<<<< here security.jail.socket_unixiproute_only: 1 security.jail.sysvipc_allowed: 0 security.jail.enforce_statfs: 2 security.jail.allow_raw_sockets: 1 security.jail.chflags_allowed: 0 security.jail.jailed: 0 The variable points to 1. You can't change the hostname in jail (that's what I want). But booting OS hangs a little if you put 'security.jail.set_hostname_allowed=0' to /etc/sysctl.conf. If I put 'jail_set_hostname_allow="NO"' to /etc/rc.conf and remove it from /etc/sysctl.conf it boots OK without delay and sysctl outputs the correct value. [~]# uname -a FreeBSD mother-mail.optima-telekom.hr 6.0-STABLE FreeBSD 6.0-STABLE #0: Wed Dec 21 -- One cannot sell the earth upon which the people walk Tacunka Witco