Date:      Wed, 07 Jun 2017 10:20:33 +0200
From:      Alexander Leidinger <Alexander@leidinger.net>
To:        Allan Jude <allanjude@freebsd.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r319611 - in head: sys/kern sys/sys usr.sbin/jail
Message-ID:  <20170607102033.Horde.fNxJ0jaYva0yGHTMA77wPTz@webmail.leidinger.net>
In-Reply-To: <201706060215.v562F167035683@repo.freebsd.org>


Quoting Allan Jude <allanjude@freebsd.org> (from Tue, 6 Jun 2017 02:15:01 +0000 (UTC)):

> Author: allanjude
> Date: Tue Jun  6 02:15:00 2017
> New Revision: 319611
> URL: https://svnweb.freebsd.org/changeset/base/319611
>
> Log:
>   Jails: Optionally prevent jailed root from binding to privileged ports
>
>   You may now optionally specify allow.noreserved_ports to prevent root
>   inside a jail from using privileged ports (less than 1024)

What about a different name than "noreserved_ports"? This is very
close to "nonreserved_ports", and as such it's easy to get wrong the
first time. IMO "block_reserved_ports" and "noblock_reserved_ports"
(or another similar explicit wording) is less likely to get
misunderstood (please take potential lack of language learning skills
into account...).

> Modified: head/sys/kern/kern_jail.c
> ==============================================================================
> --- head/sys/kern/kern_jail.c	Tue Jun  6 02:03:22 2017	(r319610)
> +++ head/sys/kern/kern_jail.c	Tue Jun  6 02:15:00 2017	(r319611)
> @@ -199,6 +199,7 @@ static char *pr_allow_names[] =3D {
>  	"allow.mount.fdescfs",
>  	"allow.mount.linprocfs",
>  	"allow.mount.linsysfs",
> +	"allow.reserved_ports",
>  };
>  const size_t pr_allow_names_size =3D sizeof(pr_allow_names);
>
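Review bot: Missing comment on ordering for the "allow.reserved_ports" entry appended to pr_allow_names[]: the next hunk appends "allow.noreserved_ports" at the same position in pr_allow_nonames[], after the same three allow.mount.* entries, so the two tables look index-matched. A short comment above the arrays saying that both must be extended together, in the same order as the corresponding flag definitions, would keep a later addition from getting out of step and toggling the wrong permission.
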
> @@ -218,10 +219,11 @@ static char *pr_allow_nonames[] =3D {
>  	"allow.mount.nofdescfs",
>  	"allow.mount.nolinprocfs",
>  	"allow.mount.nolinsysfs",
> +	"allow.noreserved_ports",
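
Review bot: The default is undocumented for the "allow.noreserved_ports" string added to pr_allow_nonames[]: the log only says it can be specified "to prevent root inside a jail from using privileged ports", and neither the log nor the visible lines say what applies when neither name is given. Please state the default explicitly in the commit log and in the jail(8) text, since a wrong assumption about it changes whether jailed root can bind ports below 1024.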

Bye,
Alexander.
-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
