diff options
author | bmilekic <bmilekic@FreeBSD.org> | 2004-05-03 21:12:23 +0000 |
---|---|---|
committer | bmilekic <bmilekic@FreeBSD.org> | 2004-05-03 21:12:23 +0000 |
commit | 02ff3165cee26ce5e65e903a9c2610342958a114 (patch) | |
tree | f3c07b963f0664aa380690f28a7ce123849ea67b | |
parent | 2a2290a736c9ccb1cb3a595b920bec2c88849e15 (diff) | |
download | FreeBSD-src-02ff3165cee26ce5e65e903a9c2610342958a114.zip FreeBSD-src-02ff3165cee26ce5e65e903a9c2610342958a114.tar.gz |
Ammend jail(8) man page to explain new sysctl for raw-sockets
inside jails, Christian's last submission.
Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
-rw-r--r-- | usr.sbin/jail/jail.8 | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 83e3d2b..9248632 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -402,6 +402,13 @@ MIB variables. Currently, these variables affect all jails on the system, although in the future this functionality may be finer grained. .Bl -tag -width XXX +.It Va security.jail.allow_raw_sockets +This MIB entry determines whether or not prison root is allowed to +create raw sockets. Setting this MIB to 1 allows utilities like +ping(8) and traceroute(8) to operate inside the prison. If this MIB +is set, the source IP addresses are enforced to comply +with the IP address bound to the jail, regardless of whether or not +the IP_HDRINCL flag has been set on the socket. .It Va security.jail.set_hostname_allowed This MIB entry determines whether or not processes within a jail are allowed to change their hostname via |