Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 6 Jun 2017 11:44:25 +0200
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        Allan Jude <allanjude@FreeBSD.org>
Cc:        svn-src-all@freebsd.org
Subject:   Re: svn commit: r319611 - in head: sys/kern sys/sys usr.sbin/jail
Message-ID:  <20170606114425.126fd846@fabiankeil.de>
In-Reply-To: <201706060215.v562F167035683@repo.freebsd.org>
References:  <201706060215.v562F167035683@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
--Sig_/vn+oAw3j4VFLc7lQ=Ngrnzy
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

Allan Jude <allanjude@FreeBSD.org> wrote:

> Author: allanjude
> Date: Tue Jun  6 02:15:00 2017
> New Revision: 319611
> URL: https://svnweb.freebsd.org/changeset/base/319611
>=20
> Log:
>   Jails: Optionally prevent jailed root from binding to privileged ports
>  =20
>   You may now optionally specify allow.noreserved_ports to prevent root
>   inside a jail from using privileged ports (less than 1024)
>  =20
>   PR:		217728
>   Submitted by:	Matt Miller <mattm916@pulsar.neomailbox.ch>
>   Reviewed by:	jamie, cem, smh
>   Relnotes:	yes
>   Differential Revision:	https://reviews.freebsd.org/D10202
>=20
> Modified:
>   head/sys/kern/kern_jail.c
>   head/sys/sys/jail.h
>   head/usr.sbin/jail/jail.8
[...]
> @@ -611,6 +613,8 @@ with non-jailed parts of the system.
>  Sockets within a jail are normally restricted to IPv4, IPv6, local
>  (UNIX), and route.  This allows access to other protocol stacks that
>  have not had jail functionality added to them.
> +.It Va allow.reserved_ports
> +The jail root may bind to ports lower than 1024.=20

This description seems to imply that net.inet.ip.portrange.reservedhigh
isn't honoured while it actually is.

Fabian

--Sig_/vn+oAw3j4VFLc7lQ=Ngrnzy
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTKUNd6H/m3+ByGULIFiohV/3dUnQUCWTZ5ewAKCRAFiohV/3dU
nQsYAKC11sINcCYeFKTw2P/wG9Ta1UkMWgCfX9MKH1G1QOjj+H61ZKfu2ATKBKI=
=EV4l
-----END PGP SIGNATURE-----

--Sig_/vn+oAw3j4VFLc7lQ=Ngrnzy--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170606114425.126fd846>