Date: Wed, 07 Jun 2017 10:20:33 +0200 From: Alexander Leidinger <Alexander@leidinger.net> To: Allan Jude <allanjude@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r319611 - in head: sys/kern sys/sys usr.sbin/jail Message-ID: <20170607102033.Horde.fNxJ0jaYva0yGHTMA77wPTz@webmail.leidinger.net> In-Reply-To: <201706060215.v562F167035683@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Quoting Allan Jude <allanjude@freebsd.org> (from Tue, 6 Jun 2017 02:15:01 +0000 (UTC)): > Author: allanjude > Date: Tue Jun 6 02:15:00 2017 > New Revision: 319611 > URL: https://svnweb.freebsd.org/changeset/base/319611 > > Log: > Jails: Optionally prevent jailed root from binding to privileged ports > > You may now optionally specify allow.noreserved_ports to prevent root > inside a jail from using privileged ports (less than 1024) What about a different name than "noreserved_ports"? This is very close to "nonreserverd_ports", and as such it's easy to get wrong the first time. IMO "block_reserved_ports" and "noblock_reserved_ports" (or another similar explicit wording) is less likely to get misunderstood (please take potential lack of language learning skills into account...). > Modified: head/sys/kern/kern_jail.c > ============================================================================== > --- head/sys/kern/kern_jail.c Tue Jun 6 02:03:22 2017 (r319610) > +++ head/sys/kern/kern_jail.c Tue Jun 6 02:15:00 2017 (r319611) > @@ -199,6 +199,7 @@ static char *pr_allow_names[] = { > "allow.mount.fdescfs", > "allow.mount.linprocfs", > "allow.mount.linsysfs", > + "allow.reserved_ports", > }; > const size_t pr_allow_names_size = sizeof(pr_allow_names); > > @@ -218,10 +219,11 @@ static char *pr_allow_nonames[] = { > "allow.mount.nofdescfs", > "allow.mount.nolinprocfs", > "allow.mount.nolinsysfs", > + "allow.noreserved_ports", Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJZN7dRAAoJEKrxQhqFIICEEsEP+gLusm7tQ8ecCJgRet9NquQB 36p+23f9Q2E2QxtU7BWqr2nx+0H9nm2omhzQz/mxvzL4HwTcad+KSIJXuTJ095rG 3MGXlGsF/fuhVeLcg96khozHb6cjWNGutf171YTi/1rEga2PPUxbGZ1mGdBX7dNl RUF6hRYx+4p3uDyl6gF9WP/v51jil0Nc8yoAYfaqJxQe9ny0gO/uaZV8O39s+N/E ssGFajv4+XRzLdPgD0cpMxmvMpQY/AqWb4MCj1r1Nf8bdptPlZdz2gQf+EyIJeOX 6oMOazlb6jKuqKloogYcc/Lhy7GeNGhFIq6+Oq6K2KM7TII7DPDMPuVqEuOVQBg7 xRx1CCUOIHlFsKKD15PtR0EbUtRBy+05HjYWJ5XIX43ghw6Uw5DPjHNGpaBuFHkN 5NwHUl0DbNqw9Me6z0KNTgQ97+T9UEAxsTLao31iRQ2ZZNWM17pRjXuFxR7xUUf6 tED7eadWud8VthFZb69zKOS0PJ7S8HXSOCFSe5qsIoo0eEpyuBjGos+f67v4OnOo VXIS9oLLMk8F3l3tysLks9oUq0Xv7b/pVjbnu891SOhZGjCxIpovWZNRU0bVQFcX og1Wn9xzOja8U1H+wZ5adTJp3LyHlbHjotMw0HQLukZQ39rXPWGmp+kI1vPnRt8/ SMCa6+o5RE2T0ADAnMEQ =STAj -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170607102033.Horde.fNxJ0jaYva0yGHTMA77wPTz>