Ammend jail(8) man page to explain new sysctl for raw-sockets

inside jails, Christian's last submission. Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
svn path=/head/; revision=128890
2004-05-03 21:12:23 +00:00 · 2004-05-03 21:12:23 +00:00 · 5fb5184a47 · 2020-12-20 02:59:44 +00:00
commit 5fb5184a47
parent b62093b274
1 changed files with 7 additions and 0 deletions
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@ -402,6 +402,13 @@ MIB variables.
 Currently, these variables affect all jails on the system, although in
 the future this functionality may be finer grained.
 .Bl -tag -width XXX
+.It Va security.jail.allow_raw_sockets
+This MIB entry determines whether or not prison root is allowed to
+create raw sockets. Setting this MIB to 1 allows utilities like
+ping(8) and traceroute(8) to operate inside the prison. If this MIB
+is set, the source IP addresses are enforced to comply
+with the IP address bound to the jail, regardless of whether or not
+the IP_HDRINCL flag has been set on the socket.
 .It Va security.jail.set_hostname_allowed
 This MIB entry determines whether or not processes within a jail are
 allowed to change their hostname via