Displaying 1 result from an estimated 1 matches for "ripcbinfo".
2004 Apr 20
1
[patch] Raw sockets in jails
...gt;
+#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/mac.h>
@@ -505,6 +506,7 @@
}
}
+extern int jail_allow_raw_sockets;
u_long rip_sendspace = RIPSNDQ;
u_long rip_recvspace = RIPRCVQ;
@@ -527,7 +529,11 @@
INP_INFO_WUNLOCK(&ripcbinfo);
return EINVAL;
}
- if (td && (error = suser(td)) != 0) {
+ if (td && jailed(td->td_ucred) && !jail_allow_raw_sockets) {
+ INP_INFO_WUNLOCK(&ripcbinfo);
+ return (EPERM);
+ }
+ if (td && (error = suser_cred(td->td_ucred, PRISON_ROOT)) != 0) {
INP...