Do not set net.inet.ip.{sourceroute,accept_sourceroute} in a vnet jail.

The following warnings were displayed: sysctl: net.inet.ip.sourceroute=0: Operation not permitted sysctl: net.inet.ip.accept_sourceroute=0: Operation not permitted
author: hrs <hrs@FreeBSD.org> 2014-09-13 18:54:15 +0000
committer: hrs <hrs@FreeBSD.org> 2014-09-13 18:54:15 +0000
commit: de7f3e3c402722bf4ff53574b0312000025685af (patch)
tree: e1349e07bcb9bdf98dd7796d90ad5414228b6447 /etc/rc.subr
parent: bf4280c0a854fd618d3acdde6ca8d0b1cb0264cb (diff)
download: FreeBSD-src-de7f3e3c402722bf4ff53574b0312000025685af.zip
FreeBSD-src-de7f3e3c402722bf4ff53574b0312000025685af.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/etc/rc.subr b/etc/rc.subr
index ff4e898..97b631f 100644
--- a/etc/rc.subr
+++ b/etc/rc.subr
@@ -1966,6 +1966,22 @@ check_required_after()
 	return 0
 }
 
+# check_jail mib
+#	Return true if security.jail.$mib exists and set to 1.
+
+check_jail()
+{
+	local _mib _v
+
+	_mib=$1
+	if _v=$(${SYSCTL_N} "security.jail.$_mib" 2> /dev/null); then
+		case $_v in
+		1)	return 0;;
+		esac
+	fi
+	return 1
+}
+
 # check_kern_features mib
 #	Return existence of kern.features.* sysctl MIB as true or
 #	false.  The result will be cached in $_rc_cache_kern_features_
author	hrs <hrs@FreeBSD.org>	2014-09-13 18:54:15 +0000
committer	hrs <hrs@FreeBSD.org>	2014-09-13 18:54:15 +0000
commit	de7f3e3c402722bf4ff53574b0312000025685af (patch)
tree	e1349e07bcb9bdf98dd7796d90ad5414228b6447 /etc/rc.subr
parent	bf4280c0a854fd618d3acdde6ca8d0b1cb0264cb (diff)
download	FreeBSD-src-de7f3e3c402722bf4ff53574b0312000025685af.zip FreeBSD-src-de7f3e3c402722bf4ff53574b0312000025685af.tar.gz