Date: Tue, 6 Jun 2017 11:44:25 +0200 From: Fabian Keil <freebsd-listen@fabiankeil.de> To: Allan Jude <allanjude@FreeBSD.org> Cc: svn-src-all@freebsd.org Subject: Re: svn commit: r319611 - in head: sys/kern sys/sys usr.sbin/jail Message-ID: <20170606114425.126fd846@fabiankeil.de> In-Reply-To: <201706060215.v562F167035683@repo.freebsd.org> References: <201706060215.v562F167035683@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/vn+oAw3j4VFLc7lQ=Ngrnzy Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Allan Jude <allanjude@FreeBSD.org> wrote: > Author: allanjude > Date: Tue Jun 6 02:15:00 2017 > New Revision: 319611 > URL: https://svnweb.freebsd.org/changeset/base/319611 >=20 > Log: > Jails: Optionally prevent jailed root from binding to privileged ports > =20 > You may now optionally specify allow.noreserved_ports to prevent root > inside a jail from using privileged ports (less than 1024) > =20 > PR: 217728 > Submitted by: Matt Miller <mattm916@pulsar.neomailbox.ch> > Reviewed by: jamie, cem, smh > Relnotes: yes > Differential Revision: https://reviews.freebsd.org/D10202 >=20 > Modified: > head/sys/kern/kern_jail.c > head/sys/sys/jail.h > head/usr.sbin/jail/jail.8 [...] > @@ -611,6 +613,8 @@ with non-jailed parts of the system. > Sockets within a jail are normally restricted to IPv4, IPv6, local > (UNIX), and route. This allows access to other protocol stacks that > have not had jail functionality added to them. > +.It Va allow.reserved_ports > +The jail root may bind to ports lower than 1024.=20 This description seems to imply that net.inet.ip.portrange.reservedhigh isn't honoured while it actually is. Fabian --Sig_/vn+oAw3j4VFLc7lQ=Ngrnzy Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTKUNd6H/m3+ByGULIFiohV/3dUnQUCWTZ5ewAKCRAFiohV/3dU nQsYAKC11sINcCYeFKTw2P/wG9Ta1UkMWgCfX9MKH1G1QOjj+H61ZKfu2ATKBKI= =EV4l -----END PGP SIGNATURE----- --Sig_/vn+oAw3j4VFLc7lQ=Ngrnzy--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170606114425.126fd846>