Author: hrs
Date: Sat Sep 13 18:54:15 2014
New Revision: 271545
URL: http://svnweb.freebsd.org/changeset/base/271545

Log:
  Do not set net.inet.ip.{sourceroute,accept_sourceroute} in a vnet jail.
  The following warnings were displayed:
  
   sysctl: net.inet.ip.sourceroute=0: Operation not permitted
   sysctl: net.inet.ip.accept_sourceroute=0: Operation not permitted

Modified:
  head/etc/rc.d/routing
  head/etc/rc.subr

Modified: head/etc/rc.d/routing
==============================================================================
--- head/etc/rc.d/routing       Sat Sep 13 18:41:24 2014        (r271544)
+++ head/etc/rc.d/routing       Sat Sep 13 18:54:15 2014        (r271545)
@@ -326,20 +326,22 @@ options_inet()
                ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
        fi
 
-       if checkyesno forward_sourceroute; then
-               ropts_init inet
-               echo -n ' do source routing=YES'
-               ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
-       else
-               ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
-       fi
-
-       if checkyesno accept_sourceroute; then
-               ropts_init inet
-               echo -n ' accept source routing=YES'
-               ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
-       else
-               ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
+       if ! check_jail vnet; then
+               if checkyesno forward_sourceroute; then
+                       ropts_init inet
+                       echo -n ' do source routing=YES'
+                       ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
+               else
+                       ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
+               fi
+
+               if checkyesno accept_sourceroute; then
+                       ropts_init inet
+                       echo -n ' accept source routing=YES'
+                       ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
+               else
+                       ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
+               fi
        fi
 
        if checkyesno arpproxy_all; then
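Review bot: Inside a vnet jail an explicit `forward_sourceroute=YES` or `accept_sourceroute=YES` is now dropped without any message, and the new `if ! check_jail vnet; then` line has no comment saying why the block is skipped. Source routing is a security-relevant knob, so an operator should be able to tell that the value in effect is not the one rc.conf asked for. Per the log the writes fail with "Operation not permitted" there, so the setting is presumably controlled from outside the jail. I would add `# These MIBs cannot be written from inside a vnet jail (EPERM); skip them.` above the guard, plus an else branch such as `checkyesno forward_sourceroute && warn 'forward_sourceroute ignored in a vnet jail'`, and likewise for accept_sourceroute. options_inet() begins and ends outside this hunk.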

Modified: head/etc/rc.subr
==============================================================================
--- head/etc/rc.subr    Sat Sep 13 18:41:24 2014        (r271544)
+++ head/etc/rc.subr    Sat Sep 13 18:54:15 2014        (r271545)
@@ -1966,6 +1966,22 @@ check_required_after()
        return 0
 }
 
+# check_jail mib
+#      Return true if security.jail.$mib exists and set to 1.
+
+check_jail()
+{
+       local _mib _v
+
+       _mib=$1
+       if _v=$(${SYSCTL_N} "security.jail.$_mib" 2> /dev/null); then
+               case $_v in
+               1)      return 0;;
+               esac
+       fi
+       return 1
+}
+
 # check_kern_features mib
 #      Return existence of kern.features.* sysctl MIB as true or
 #      false.  The result will be cached in $_rc_cache_kern_features_
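Review bot: The header comment on check_jail() does not say that every failure mode collapses to false: a missing MIB, a sysctl error (stderr is discarded) and any value other than `1` all return 1. Callers use this as a gate for security-related settings (rc.d/routing in this commit), so the direction of the default should be written down. Here a failed lookup means "not a vnet jail", and the sysctls are then attempted as before. I would reword the comment to `# Return true if security.jail.$mib exists and is set to 1; false if it is missing, unreadable or has any other value.` A missing or empty argument queries `security.jail.` and also returns false, which is worth a word in the same comment.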