From 02ff3165cee26ce5e65e903a9c2610342958a114 Mon Sep 17 00:00:00 2001 From: bmilekic Date: Mon, 3 May 2004 21:12:23 +0000 Subject: [PATCH] Ammend jail(8) man page to explain new sysctl for raw-sockets inside jails, Christian's last submission. Submitted by: Christian S.J. Peron --- usr.sbin/jail/jail.8 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 83e3d2b669b..9248632da33 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -402,6 +402,13 @@ MIB variables. Currently, these variables affect all jails on the system, although in the future this functionality may be finer grained. .Bl -tag -width XXX +.It Va security.jail.allow_raw_sockets +This MIB entry determines whether or not prison root is allowed to +create raw sockets. Setting this MIB to 1 allows utilities like +ping(8) and traceroute(8) to operate inside the prison. If this MIB +is set, the source IP addresses are enforced to comply +with the IP address bound to the jail, regardless of whether or not +the IP_HDRINCL flag has been set on the socket. .It Va security.jail.set_hostname_allowed This MIB entry determines whether or not processes within a jail are allowed to change their hostname via -- 2.45.2