https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=169751
[email protected] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #4 from [email protected] ---
Processes attached to a vnet-enabled jail can even write their jail's routing tables according to their privileges. This needs proper documentation of the intended behaviour with AF_ROUTE and netlink.

For anyone writing tools that jail_attach() or jail_set(JAIL_ATTACH) themselves (e.g. adding a -j <jname> option to an existing networking command) it would also be relevant what happens when you create the socket before attaching. Would you be prevented from attaching to the jail? Would you smuggle in the capability to read (or worse, modify) the parent/host networking? If the jail is assigned a FIB, is it possible to query that FIB and make it the process's default FIB before or after attaching to the jail?
