| From | Sent On | Attachments |
|---|---|---|
| Glen Barber | May 25, 2010 10:53 am | |
| Jamie Gritton | May 26, 2010 9:56 am | |
| Glen Barber | May 26, 2010 10:47 am | |
| Jamie Gritton | May 26, 2010 12:03 pm | |
| jhell | May 27, 2010 6:31 pm | |
| Subject: | Re: jail(8) allow.socket_af, unknown oid | |
|---|---|---|
| From: | Jamie Gritton (jam...@FreeBSD.org) | |
| Date: | May 26, 2010 9:56:58 am | |
| List: | org.freebsd.freebsd-jail | |
The sysctls that describe available jail parameters don't always have a type that sysctl(8) understands. In particular, the boolean parameters are given a sysctl type of "B", and sysctl(8) will ignore them.
These aren't useful sysctls in any normal way - they never have a meaningful value. They exist only so their types and sizes can be determined by jail(8) and jail(3).
As per the jail(8) man page, you can use "sysctl -d" to show sysctl descriptions without the value. Since it's only the values that sysctl(8) doesn't understand, such parameters as allow.sock_af will then show up.
Or, in a short answer to your last question: this isn't a tunable in the normal sysctl way, just a jail parameter.
- Jamie
On 05/25/10 11:54, Glen Barber wrote:
The jail(8) man page has an entry under 'allow.*', allow.socket_af, which states to allow access to protocol stacks that have not had jail functionality added to them.
However, though socket_af exists in sys/kern/kern_jail.c, the sysctl itself does not exist on my system:
```
orion# sysctl -a | grep socket
kern.ipc.maxsockets: 25600
kern.ipc.numopensockets: 35
security.jail.allow_raw_sockets: 0
security.jail.socket_unixiproute_only: 1
```
Is this sysctl missing, or is it not a tunable?