Hi Bjoern, thanks for the good news!
Bjoern A. Zeeb <[EMAIL PROTECTED]> wrote on 26 Nov 2008 23:56: > 2b) for RELENG_7: > http://people.freebsd.org/~bz/bz_jail7-20081126-02-at153644.diff I already used your patch from May 2008 in production without any problems. The update was no problem, you patch applied cleanly to current sources. Until now I could not see any regression in jail handling compared to the version from May, so I would say: good work. (Source address handling is another topic and another thread.) There is still a question left: In earlier version we had a sysctl security.jail.jailed_sockets_first. This sysctl was removed, so I assume it is "built-in" now, eventually I did not see any problems. On the other side I still read in the patched jail(2) man page: "Similarly, it might be a good idea to add an address alias flag such that daemons listening on all IPs (INADDR_ANY) will not bind on that address...". Can you explain the current behaviour? I did not test your patch with multiple IPv4 adresses, but jails are working well with an IPv4 and IPv6 address. I would like to see this functionality in RELENG_7. Thanks again for your good work, I believe many FreeBSD users will appreciate this long missed feature. Frank -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
