csjp 3006bc70da Add a super-user check to ipfw_ctl() to make sure that the calling
process is a non-prison root. The security.jail.allow_raw_sockets
sysctl variable is disabled by default, however if the user enables
raw sockets in prisons, prison-root should not be able to interact
with firewall rule sets.

Approved by:	rwatson, bmilekic (mentor)
2004-05-25 15:02:12 +00:00
..
2004-04-02 17:57:57 +00:00
2003-10-07 17:46:18 +00:00
2003-10-29 15:07:04 +00:00
2003-10-29 15:07:04 +00:00
2004-03-22 16:04:43 +00:00
2002-10-16 22:27:27 +00:00
2003-08-07 18:17:43 +00:00