[nycbug-talk] FBSD 5.4 jails. . .

Mon Apr 18 23:26:19 EDT 2005

On Apr 18, 2005, at 11:20 PM, George R. wrote:

> I don't know if I didn't get that far in the man page for jail (8) 
> before, but there's some funky new lock-downs and configurability.
>
> These are all for /etc/sysctl.conf in the host or master jail. . .
>
> security.jail.set_hostname_allowed=0 	#individual jails can't set 
> hostnames
>
> security.jail.allow_raw_sockets=1	#allows raw sockets for ping, 
> traceroute, etc. . . it's =0 by default, so this can be a downgrade in 
> security
>
> Anyway, jailing in FBSD 5.3 was kind of a mess, but it seems that 
> things are back on track. . . phew.
>
> George

Even niceties like top are working aok now too!  :)

Rocket-
.ike