[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] raw sockets for one jail only

Hello Jérôme,

Le mercredi 16 à 13:28, Jérôme Lebel a écrit :
> Is there a way to activate raw sockets for only jail and not the
> others. I found : jail -m jid=1 allow.raw_sockets=1, but I'm looking
> for a permanent flag, something I would not have to do each time I
> start my jail.

As ezjail delegates all the work of starting the jail to /etc/rc.d/jail,
this is more a "jail" question than an "ezjail" one.

I was surprised to see that /etc/rc.d/jail uses the "old form" of
jail(8) invocation (the second form in the synopsis), so adding
`export jail_MYJAIL_flags="allow.raw_sockets=1"' to
/usr/local/etc/ezjail/MYJAIL.conf doesn't work.

You could put something like `jail_MYJAIL_exec_poststart0="jail -m jid=X
allow_raw_sockets=1"' in MYJAIL.conf, but you would need to guess X in
advance. Maybe using a script with a tiny bit of intelligence would do
the trick, but this looks more complex than need be.