On Sun, Jan 1, 2012 at 5:40 PM, Stuart Henderson <s...@spacehopper.org> wrote:
> I'm pretty sure the child will be inheriting the rdomain from the process > which forked it. > I can offer the anecdote that when I ran sshd using the route -exec wrapper my child session would exist in whatever rdomain was hosting the daemon. Ended up backing away from this approach and sticking with pf rules, so I didn't have sshd parent processes littering my machine. I'll assume you don't want to use pf to land queries on the daemon, so the next question is did you try creating a loopback address in the non-zero rdomain to get the control port you need?
