Date: Wed, 07 Jun 2017 10:20:33 +0200
Message-ID: <20170607102033.Horde.fNxJ0jaYva0yGHTMA77wPTz@webmail.leidinger.net>
From: Alexander Leidinger
To: Allan Jude
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r319611 - in head: sys/kern sys/sys usr.sbin/jail
In-Reply-To: <201706060215.v562F167035683@repo.freebsd.org>

Quoting Allan Jude (from Tue, 6 Jun 2017 02:15:01 +0000 (UTC)):

> Author: allanjude
> Date: Tue Jun 6 02:15:00 2017
> New Revision: 319611
> URL: https://svnweb.freebsd.org/changeset/base/319611
>
> Log:
> Jails: Optionally prevent jailed root from binding to privileged ports
>
> You may now optionally specify allow.noreserved_ports to prevent root
> inside a jail from using privileged ports (less than 1024)

What about a different name than "noreserved_ports"? This is very close to "nonreserverd_ports", and as such it's easy to get wrong the first time. IMO "block_reserved_ports" and "noblock_reserved_ports" (or another similar explicit wording) is less likely to get misunderstood (please take potential lack of language learning skills into account...).

> Modified: head/sys/kern/kern_jail.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/sys/kern/kern_jail.c Tue Jun 6 02:03:22 2017 (r319610) > +++ head/sys/kern/kern_jail.c Tue Jun 6 02:15:00 2017 (r319611) > @@ -199,6 +199,7 @@ static char *pr_allow_names[] =3D { > "allow.mount.fdescfs", > "allow.mount.linprocfs", > "allow.mount.linsysfs", > + "allow.reserved_ports", > }; > const size_t pr_allow_names_size =3D sizeof(pr_allow_names); > > @@ -218,10 +219,11 @@ static char *pr_allow_nonames[] =3D { > "allow.mount.nofdescfs", > "allow.mount.nolinprocfs", > "allow.mount.nolinsysfs", > + "allow.noreserved_ports",

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
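
Review bot: In the first hunk (@@ -199,6 +199,7 @@), "allow.reserved_ports" is appended to pr_allow_names with nothing in the code recording that its position has to line up with the "allow.noreserved_ports" entry that the next hunk appends to pr_allow_nonames. The visible entries of both tables follow the same order (fdescfs, linprocfs, linsysfs, then the new name), so if the tables are read through a shared index, a later insertion in only one of them would silently map a permission name to the wrong setting. A short comment above both arrays stating that they must stay in step, or a compile-time check that the two have the same number of elements, would make that constraint explicit; only pr_allow_names_size is visible here.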
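
Review bot: The second hunk (@@ -218,10 +219,11 @@) adds "allow.noreserved_ports", but the log never states the default and describes only the negative form as something you "may now optionally specify", which implies that jailed root keeps the ability to bind privileged ports unless an administrator opts out. The accompanying jail documentation should say so in as many words, and should also say whether the "less than 1024" boundary from the log is fixed or follows the host's configured reserved-port range, since an operator hardening a jail needs both facts to know what the setting actually blocks. The naming concern raised in the reply above applies to this string as well: it sits one character away from a plausible misreading, which matters for a parameter whose purpose is to restrict privilege.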