[nycbug-talk] FBSD 5.4 jails. . .

George R. george
Mon Apr 18 23:20:34 EDT 2005


I don't know if I didn't get that far in the man page for jail(8) 
before, but there are some funky new lock-downs and configurability.

These are all for /etc/sysctl.conf in the host or master jail. . .

security.jail.set_hostname_allowed=0	# individual jails can't set hostnames

security.jail.allow_raw_sockets=1	# allows raw sockets for ping, traceroute, etc. . .
# it's =0 by default, so this can be a downgrade in security

Anyway, jailing in FBSD 5.3 was kind of a mess, but it seems that 
things are back on track. . . phew.

George
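
An added example, not part of the original post: a small sh function that reads sysctl.conf-style text and reports whether the two jail knobs mentioned above end up at their most restrictive value. The function names, the "strict" baseline and the sample file are this example's assumptions; the default of 1 for set_hostname_allowed is taken from jail(8) and should be checked against your release.

```sh
#!/bin/sh
# Constructed sample: the two settings from the post, as a sysctl.conf would hold them.
sample_conf() {
cat <<'EOF'
security.jail.set_hostname_allowed=0	# individual jails can't set hostnames
security.jail.allow_raw_sockets=1	# raw sockets for ping, traceroute
EOF
}

# Reads sysctl.conf text on stdin and prints OK/WEAK for each jail knob.
# A knob that is not set is judged by its kernel default.
# Returns 1 if any knob is weaker than the strict baseline, else 0.
audit_jail_sysctl() {
    awk '
    BEGIN {
        n = split("security.jail.set_hostname_allowed security.jail.allow_raw_sockets", names, " ")
        # strict = most restrictive value (assumption of this example)
        # dflt   = kernel default when the line is absent
        strict[names[1]] = "0"; dflt[names[1]] = "1"
        strict[names[2]] = "0"; dflt[names[2]] = "0"
    }
    {
        sub(/#.*/, "")            # drop trailing comments
        gsub(/[ \t\r]/, "")       # drop whitespace around name and value
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        if (key in strict) seen[key] = substr($0, eq + 1)   # last assignment wins
    }
    END {
        weak = 0
        for (i = 1; i <= n; i++) {
            k = names[i]
            if (k in seen) { v = seen[k]; how = k "=" v }
            else           { v = dflt[k]; how = k " unset, default " v }
            if (v == strict[k]) print "OK " how
            else { print "WEAK " how " (strict: " strict[k] ")"; weak = 1 }
        }
        exit weak
    }'
}

# Stand-alone run on the sample; WEAK findings are reported, not fatal here.
sample_conf | audit_jail_sysctl || true
```

On the host, feed it the real file with `audit_jail_sysctl < /etc/sysctl.conf`; values changed at runtime with sysctl(8) are not seen by this check.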




