From owner-freebsd-jail@FreeBSD.ORG Wed May 26 17:48:16 2010 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C27591065679 for ; Wed, 26 May 2010 17:48:16 +0000 (UTC) (envelope-from glen.j.barber@gmail.com) Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id 729818FC22 for ; Wed, 26 May 2010 17:48:16 +0000 (UTC) Received: by vws18 with SMTP id 18so3617556vws.13 for ; Wed, 26 May 2010 10:48:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=SZB4O7p0aD8gznjVrwOqBk8zgM50BA/2TgbYknvaDRQ=; b=DcaFD+/192zeqNSUjRC4HJ2aXyo6mIATpTiq9pw3+/Tq78TCmVvyaj5rmiUb7mHSVN hAjTNGqg+oln9R253fl/u8gtKD7OKL6LHdewqsI6JnoAKvWJD7j9nqLzu9m5ZNQrM2Gl uli4xvWfeFBLZTBVgXIdb+CLTBiVPhj1e0mbI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=Y+aFV8bcbXI5fIvbXXB7TZfvPuO2CykpmajCYeAoaDr/gOCg9F+hoxDhDmgqQsGo81 jkxGcrB60gOsI2sTa4dvryFnyL1SfMmeTrhQ9XCzyAzPYVZAdAqUcaib16sjQrHpMARR /5tQkInnzSTQnylBWvF+BW9adqTorM7pFh6cM= Received: by 10.220.47.220 with SMTP id o28mr6530656vcf.146.1274896095441; Wed, 26 May 2010 10:48:15 -0700 (PDT) Received: from schism.local (c-71-230-240-241.hsd1.pa.comcast.net [71.230.240.241]) by mx.google.com with ESMTPS id b22sm1224420vcp.8.2010.05.26.10.48.13 (version=SSLv3 cipher=RC4-MD5); Wed, 26 May 2010 10:48:13 -0700 (PDT) Message-ID: <4BFD5EDC.6060208@gmail.com> Date: Wed, 26 May 2010 13:48:12 -0400 From: Glen Barber User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4 MIME-Version: 1.0 To: Jamie Gritton References: <20100525175412.GA75052@orion.glenbarber.us> <4BFD52F1.9030704@FreeBSD.org> In-Reply-To: <4BFD52F1.9030704@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: jail@FreeBSD.org Subject: Re: jail(8) allow.socket_af, unknown oid X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 May 2010 17:48:16 -0000 Hi Jamie, On 5/26/10 12:57 PM, Jamie Gritton wrote: > On 05/25/10 11:54, Glen Barber wrote: >> The jail(8) man page has an entry under 'allow.*', allow.socket_af, >> which >> states to allow access to protocol stacks that have not had jail >> functionality >> added to them. >> >> [snip] >> >> Is this sysctl missing, or is it not a tunable? > The sysctls that describe available jail parameters don't always have a > type that sysctl(8) understands. In particular, the boolean parameters > are given a sysctl type of "B", and sysctl(8) will ignore them. > > These aren't useful sysctls in any normal way - they never have a > meaningful value. The exist only so their types and sizes can be > determined by jail(8) and jail(3). > > As per the jail(8) man page, you can use "sysctl -d" to show sysctl > descriptions without the value. Since it's only the values that > sysctl(8) doesn't understand, such parameters as allow.sock_af will then > show up. > > Or, in a short answer to your last question: this isn't a tunable in the > normal sysctl way, just a jail parameter. > > - Jamie > Thanks for the explanation. Would there be opposition about a patch for jail(8) noting which sysctls are tunable by sysctl(8) and which are not? -- Glen Barber