search for: set_hostname_allowed

Bug or something, look at this <mother-mail>[~]# cat /etc/sysctl.conf security.jail.allow_raw_sockets=1 security.jail.set_hostname_allowed=0 <mother-mail>[~]# sysctl -a | grep jail security.jail.set_hostname_allowed: 1 <<<<< here security.jail.socket_unixiproute_only: 1 security.jail.sysvipc_allowed: 0 security.jail.enforce_statfs: 2 security.jail.allow_raw_sockets: 1 security.jail.chflags_allowed: 0 securit...

...0" ifconfig_rl1_alias0="inet 10.0.2.6 netmask 0xffffffff" route_0="10.0.2.6 -iface lo0" inetd_flags="-wW -a 10.0.2.1" portmap_enable="NO" --- - my sysctls for the jail are set as follows and are loaded by /etc/sysctl.conf > sysctl -a | grep jail jail.set_hostname_allowed: 0 jail.socket_unixiproute_only: 0 jail.sysvipc_allowed: 1 - my kernel is compiled with these options > grep SYSV ruby2 options SYSVSHM #SYSV-style shared memory options SYSVMSG #SYSV-style message queues options SYSVSEM #S...

I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another

Hello, I'm wondering about closing some information leaks in FreeBSD jails from the "outside world". Not that critical (depends on the application), but a simple user, with restricted devfs in the jail (devfsrules_jail for example from /etc/defaults/devfs.rules) can figure out the following: - network interfaces related data, via ifconfig, which contains everything, but the

...imers: 0 p1003_1b.aio_listio_max: -1 p1003_1b.aio_max: -1 p1003_1b.aio_prio_delta_max: -1 p1003_1b.delaytimer_max: 0 p1003_1b.mq_open_max: 0 p1003_1b.pagesize: 4096 p1003_1b.rtsig_max: 0 p1003_1b.sem_nsems_max: 0 p1003_1b.sem_value_max: 0 p1003_1b.sigqueue_max: 0 p1003_1b.timer_max: 0 security.jail.set_hostname_allowed: 1 security.jail.socket_unixiproute_only: 1 security.jail.sysvipc_allowed: 0 security.jail.enforce_statfs: 2 security.jail.allow_raw_sockets: 0 security.jail.chflags_allowed: 0 security.jail.jailed: 0 security.bsd.suser_enabled: 1 security.bsd.see_other_uids: 1 security.bsd.see_other_gids: 1 securi...