Quoting Allan Jude <allanj...@freebsd.org> (from Tue, 6 Jun 2017 02:15:01 +0000 (UTC)):
Author: allanjude
Date: Tue Jun 6 02:15:00 2017
New Revision: 319611
URL: https://svnweb.freebsd.org/changeset/base/319611

Log:
  Jails: Optionally prevent jailed root from binding to privileged ports

  You may now optionally specify allow.noreserved_ports to prevent root
  inside a jail from using privileged ports (less than 1024)
What about a different name than "noreserved_ports"? This is very close to "nonreserved_ports", and as such it's easy to get wrong the first time. IMO "block_reserved_ports" and "noblock_reserved_ports" (or another similar explicit wording) are less likely to get misunderstood (please take potential lack of language learning skills into account...).
Modified: head/sys/kern/kern_jail.c ============================================================================== --- head/sys/kern/kern_jail.c Tue Jun 6 02:03:22 2017 (r319610) +++ head/sys/kern/kern_jail.c Tue Jun 6 02:15:00 2017 (r319611) @@ -199,6 +199,7 @@ static char *pr_allow_names[] = { "allow.mount.fdescfs", "allow.mount.linprocfs", "allow.mount.linsysfs", + "allow.reserved_ports", }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -218,10 +219,11 @@ static char *pr_allow_nonames[] = { "allow.mount.nofdescfs", "allow.mount.nolinprocfs", "allow.mount.nolinsysfs", + "allow.noreserved_ports",
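Review bot: in the first hunk, "allow.reserved_ports" is appended as the last entry of pr_allow_names[], and its negated form has to land at the same index in pr_allow_nonames[], yet nothing in these lines enforces that the two tables stay the same length. Consider a compile-time check that sizeof(pr_allow_names) equals sizeof(pr_allow_nonames), or at least a comment above both arrays stating that entries are matched by position.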
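Review bot: the log tells administrators to set "allow.noreserved_ports", the string added in the second hunk, but neither the log nor the visible part of the patch says what a jail gets when the parameter is not given. Please state the default in the commit log and in jail(8), so that it is clear whether existing jails keep the ability to bind ports below 1024.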
Bye, Alexander. -- http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF