Commit 53e95db5 authored by Leigh B. Stoller

Add a few more permission bits to jailconfig:

INADDRANY: When 1, jail is allowed to bind to INADDR_ANY. When a packet
           comes in, the pchlookup checks the prison IPs.

ROUTING:   Jail gets access to its routing table. This presently implies
           that the jail gets its own private routing table via new
           jail options.

DEVMEM:    Jail gets a real /dev/mem and /dev/kmem instead of a
           symlink to /dev/null. This pretty much bypasses security so
           it's not something to do on widearea nodes, but on local
           nodes that's fine.
parent fa716ae9
...@@ -4260,7 +4260,11 @@ COMMAND_PROTOTYPE(dojailconfig) ...@@ -4260,7 +4260,11 @@ COMMAND_PROTOTYPE(dojailconfig)
"SSHDPORT=%d\n" "SSHDPORT=%d\n"
"SYSVIPC=1\n" "SYSVIPC=1\n"
"INETRAW=1\n" "INETRAW=1\n"
"BPFRO=1\n", low, high, sport); "BPFRO=1\n"
"INADDRANY=1\n"
"ROUTING=1\n"
"DEVMEM=1\n",
low, high, sport);
client_writeback(sock, buf, strlen(buf), tcp); client_writeback(sock, buf, strlen(buf), tcp);
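Review bot: `"DEVMEM=1\n"` is added as a constant in the format string, so within the visible lines every dojailconfig reply that reaches this write turns on a real /dev/mem and /dev/kmem, while the commit message says that setting is not something to do on widearea nodes. Unless an enclosing branch outside this hunk already limits this path to local nodes, pass DEVMEM (and probably ROUTING and INADDRANY as well) as `%d` arguments chosen per node type, the way `SSHDPORT=%d` is, and default them to 0. A short comment above the string stating what each new bit grants the jail would also help, since the only description is in the commit message.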