
Re: [ezjail] per jail security parameters



---- On Wed, 31 Jul 2013 10:10:44 +0200 Ollivier Robert  wrote ---- 

>According to kaltheat: 
>> That's what I did. I rechecked it once again by resetting and doing step-by-step 
>> what you did. No success. security.jail.allow_raw_sockets in jail stays 0 here. 
> 
>Weird. 
> 
>I've put it in my ezjail/* files and it works: 
> ...

OK. Your configuration seems to be the same as mine in the relevant parts.

I think that the jail-rc-script on these machines isn't able to handle parameters.
These machines run 9.1-RELEASE.

I looked into the sources of the jail-rc-script on HEAD and found that the jail creation command was
developed from

                eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
                        \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \
                        </dev/null

to

                eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \
                        ${_addrl:+ip4.addr=\"${_addrl}\"} ${_addr6l:+ip6.addr=\"${_addr6l}\"} \
                        ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \
                        </dev/null

.
So I think that, without manipulating /etc/rc.d/jail on FreeBSD-9.1-RELEASE, per-jail parameters can't
be used with ezjail. Am I right?

Regards,
kaltheat
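
One way to check the point raised in this message on a given host is sketched below. It is an added example, not part of the original message or of FreeBSD's rc code. The function names and the matching heuristic are assumptions; the two sample files are constructed from the command lines quoted above.

```shell
#!/bin/sh
# Exit status 0 if the given rc script contains a jail(8) command line in the
# "-c" form that also expands ${_parameters}; 1 otherwise.
# Heuristic only: it inspects the command line, not how _parameters is set.
passes_jail_parameters() {
    awk '
        { line = buf $0 }
        /\\$/ { sub(/\\$/, " ", line); buf = line; next }   # join continuation lines
        {
            buf = ""
            if (line ~ /[ \t]jail[ \t]/ && line ~ /[ \t]-c[ \t]/ &&
                index(line, "${_parameters}") > 0)
                found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed samples: the two command lines quoted in the message.
write_samples() {
    cat > "$1/jail.old" <<'EOF'
eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
        \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \
        </dev/null
EOF
    cat > "$1/jail.new" <<'EOF'
eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \
        ${_addrl:+ip4.addr=\"${_addrl}\"} ${_addr6l:+ip6.addr=\"${_addr6l}\"} \
        ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \
        </dev/null
EOF
}

check() {
    if passes_jail_parameters "$1"; then
        echo "$1: per-jail parameters are passed to jail(8)"
    else
        echo "$1: per-jail parameters are NOT passed to jail(8)"
    fi
}

# With a file argument (e.g. /etc/rc.d/jail) check that file; with none, run
# against the constructed samples.
if [ $# -gt 0 ]; then check "$1"; else
    d=$(mktemp -d) && write_samples "$d" && check "$d/jail.old" && check "$d/jail.new"
    rm -rf "$d"
fi
```

If the script reports that parameters are not passed, a setting such as allow_raw_sockets configured per jail never reaches the jail(8) command line, which matches the sysctl staying at 0 inside the jail.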