Date:      Wed, 26 May 2010 10:57:21 -0600
From:      Jamie Gritton <jamie@FreeBSD.org>
To:        Glen Barber <glen.j.barber@gmail.com>
Cc:        jail@FreeBSD.org
Subject:   Re: jail(8) allow.socket_af, unknown oid
Message-ID:  <4BFD52F1.9030704@FreeBSD.org>
In-Reply-To: <20100525175412.GA75052@orion.glenbarber.us>
References:  <20100525175412.GA75052@orion.glenbarber.us>

The sysctls that describe available jail parameters don't always have a
type that sysctl(8) understands. In particular, the boolean parameters
are given a sysctl type of "B", and sysctl(8) will ignore them.

These aren't useful sysctls in any normal way - they never have a
meaningful value. They exist only so their types and sizes can be
determined by jail(8) and jail(3).

As per the jail(8) man page, you can use "sysctl -d" to show sysctl
descriptions without the value. Since it's only the values that
sysctl(8) doesn't understand, such parameters as allow.sock_af will then
show up.

Or, in a short answer to your last question: this isn't a tunable in the
normal sysctl way, just a jail parameter.

- Jamie


On 05/25/10 11:54, Glen Barber wrote:
> The jail(8) man page has an entry under 'allow.*', allow.socket_af, which
> states to allow access to protocol stacks that have not had jail functionality
> added to them.
>
> However, though socket_af exists in sys/kern/kern_jail.c, the sysctl itself
> does not exist on my system:
>
>      orion# sysctl -a | grep socket
>      kern.ipc.maxsockets: 25600
>      kern.ipc.numopensockets: 35
>      security.jail.allow_raw_sockets: 0
>      security.jail.socket_unixiproute_only: 1
>
> Is this sysctl missing, or is it not a tunable?


