Sam Leffler wrote:
> Jamie Gritton wrote:
>> Author: jamie
>> Date: Wed Jul 29 16:41:02 2009
>> New Revision: 195944
>> URL: http://svn.freebsd.org/changeset/base/195944
>>
>> Log:
>>   Change the default value of the "ip4" and "ip6" jail parameters to
>>   "disable", which only allows access to the parent/physical system's
>>   IP addresses when specifically directed.  Change the default value of
>>   "host" to "new", and don't copy the parent host values, to insulate
>>   jails from the parent hostname et al.
>
> This does not say why you're making these changes; please explain.

My apologies.  The ip4/6 change fixed an error with the old-style
command line of jail(8), where specifying IPv4 address(es) but not IPv6
addresses would allow access to the full IPv6 stack, a regression from
7.2 which allows only specifically noted IPv6 addresses.  This could
have been fixed in jail(8), but the default to act like the current jail
implementation even for new-style command lines made more sense, and the
kernel is the place for such policy points.

The host change arose from a discrepancy between it and the "linux"
parameters that control the Linux MIB entries.  These had different
defaults for no reason other than I coded them at different times
without a lot of thought as to what the most reasonable default would
be.  I also made a cleaner break with the parent system when one value
(typically host.hostname) is set and the others aren't - it didn't make
sense to copy some and set others.

- Jamie
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
