summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbmilekic <bmilekic@FreeBSD.org>2004-05-03 21:12:23 +0000
committerbmilekic <bmilekic@FreeBSD.org>2004-05-03 21:12:23 +0000
commit02ff3165cee26ce5e65e903a9c2610342958a114 (patch)
treef3c07b963f0664aa380690f28a7ce123849ea67b
parent2a2290a736c9ccb1cb3a595b920bec2c88849e15 (diff)
downloadFreeBSD-src-02ff3165cee26ce5e65e903a9c2610342958a114.zip
FreeBSD-src-02ff3165cee26ce5e65e903a9c2610342958a114.tar.gz
Ammend jail(8) man page to explain new sysctl for raw-sockets
inside jails, Christian's last submission. Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
-rw-r--r--usr.sbin/jail/jail.87
1 files changed, 7 insertions, 0 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 83e3d2b..9248632 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -402,6 +402,13 @@ MIB variables.
Currently, these variables affect all jails on the system, although in
the future this functionality may be finer grained.
.Bl -tag -width XXX
+.It Va security.jail.allow_raw_sockets
+This MIB entry determines whether or not prison root is allowed to
+create raw sockets. Setting this MIB to 1 allows utilities like
+ping(8) and traceroute(8) to operate inside the prison. If this MIB
+is set, the source IP addresses are enforced to comply
+with the IP address bound to the jail, regardless of whether or not
+the IP_HDRINCL flag has been set on the socket.
.It Va security.jail.set_hostname_allowed
This MIB entry determines whether or not processes within a jail are
allowed to change their hostname via
OpenPOWER on IntegriCloud