Diogo Dalfovo wrote: > Boa tarde Danilo > > Segue o sysctl da maquina base. > > [r...@teste]# sysctl -a |grep jail > security.jail.param.cpuset.id: 0 > security.jail.param.host.hostid: 0 > security.jail.param.host.hostuuid: 64 > security.jail.param.host.domainname: 256 > security.jail.param.host.hostname: 256 > security.jail.param.children.max: 0 > security.jail.param.children.cur: 0 > security.jail.param.enforce_statfs: 0 > security.jail.param.securelevel: 0 > security.jail.param.path: 1024 > security.jail.param.name: 256 > security.jail.param.parent: 0 > security.jail.param.jid: 0 > security.jail.enforce_statfs: 2 > security.jail.mount_allowed: 0 > security.jail.chflags_allowed: 0 > *security.jail.allow_raw_sockets: 1* > security.jail.sysvipc_allowed: 0 > security.jail.socket_unixiproute_only: 1 > security.jail.set_hostname_allowed: 1 > security.jail.jail_max_af_ips: 255 > security.jail.jailed: 0 > > Mesmo assim nao vai ... > > Diogo Dalfovo > ------------------------- > Histórico: http://www.fug.com.br/historico/html/freebsd/ > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > Vamos lá...
no 8.0 mudou todo o esquema de gerenciamento de Jails, por isso é *MUITO IMPORTANTE* ler o man, essa informação tem lá documentadinha... vou extrair o trecho para você: allow.* Some restrictions of the jail environment may be set on a per- jail basis. With the exception of allow.set_hostname, these boolean parameters are off by default. ... allow.raw_sockets The prison root is allowed to create raw sockets. Set‐ ting this parameter allows utilities like ping(8) and traceroute(8) to operate inside the prison. If this is set, the source IP addresses are enforced to comply with the IP address bound to the jail, regardless of whether or not the IP_HDRINCL flag has been set on the socket. Since raw sockets can be used to configure and interact with various network subsystems, extra caution should be used where privileged access to jails is given out to untrusted parties. resumindo, não é mais setado via sysctl, mas como parametro do comando "jail" -- Luiz Gustavo Costa (Powered by BSD) *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ mundoUnix - Consultoria em Software Livre http://www.mundounix.com.br ICQ: 2890831 / MSN: cont...@mundounix.com.br Tel: 55 (21) 2642-3799 / 75820594 Blog: http://www.luizgustavo.pro.br ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
