Date: Thu, 27 Nov 2008 22:18:38 +0100 From: "Frank Behrens" <frank@harz.behrens.de> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-jail@freebsd.org Subject: Re: Anyone interested in jail patches? Message-ID: <200811272118.mARLIdKH006580@post.behrens.de> In-Reply-To: <20081126234502.S61259@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Bjoern, thanks for the good news! Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote on 26 Nov 2008 23:56: > 2b) for RELENG_7: > http://people.freebsd.org/~bz/bz_jail7-20081126-02-at153644.diff I already used your patch from May 2008 in production without any problems. The update was no problem, you patch applied cleanly to current sources. Until now I could not see any regression in jail handling compared to the version from May, so I would say: good work. (Source address handling is another topic and another thread.) There is still a question left: In earlier version we had a sysctl security.jail.jailed_sockets_first. This sysctl was removed, so I assume it is "built-in" now, eventually I did not see any problems. On the other side I still read in the patched jail(2) man page: "Similarly, it might be a good idea to add an address alias flag such that daemons listening on all IPs (INADDR_ANY) will not bind on that address...". Can you explain the current behaviour? I did not test your patch with multiple IPv4 adresses, but jails are working well with an IPv4 and IPv6 address. I would like to see this functionality in RELENG_7. Thanks again for your good work, I believe many FreeBSD users will appreciate this long missed feature. Frank -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200811272118.mARLIdKH006580>