From: "Frank Behrens"
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org
Date: Thu, 27 Nov 2008 22:18:38 +0100
Subject: Re: Anyone interested in jail patches?
Message-Id: <200811272118.mARLIdKH006580@post.behrens.de>
In-reply-to: <20081126234502.S61259@maildrop.int.zabbadoz.net>

Hi Bjoern,

thanks for the good news!

Bjoern A. Zeeb wrote on 26 Nov 2008 23:56:
> 2b) for RELENG_7:
> http://people.freebsd.org/~bz/bz_jail7-20081126-02-at153644.diff

I already used your patch from May 2008 in production without any problems. The update was no problem, your patch applied cleanly to current sources. Until now I could not see any regression in jail handling compared to the version from May, so I would say: good work. (Source address handling is another topic and another thread.)

There is still a question left: In an earlier version we had a sysctl security.jail.jailed_sockets_first. This sysctl was removed, so I assume it is "built-in" now, eventually I did not see any problems. On the other side I still read in the patched jail(2) man page: "Similarly, it might be a good idea to add an address alias flag such that daemons listening on all IPs (INADDR_ANY) will not bind on that address...". Can you explain the current behaviour?

I did not test your patch with multiple IPv4 addresses, but jails are working well with an IPv4 and IPv6 address.

I would like to see this functionality in RELENG_7. Thanks again for your good work, I believe many FreeBSD users will appreciate this long missed feature.

Frank

-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.