|Summary:|Allow ability to use socket option SO_REUSEPORT_LB in jail|
|Product:|Base System|
|Reporter:|Dmitry Wagin <dmitry.wagin>|
|Component:|kern|
|Assignee:|freebsd-jail (Nobody) <jail>|
|Severity:|Affects Some People|
|CC:|ae, drtr0jan, emaste, pi|
Description Dmitry Wagin 2020-07-16 21:25:05 UTC
Created attachment 216500
SO_REUSEPORT_LB.diff

Now the socket option SO_REUSEPORT_LB in a jail does not work as intended.
Comment 1 Andrey V. Elsukov 2020-07-17 08:09:09 UTC
Can you explain the reason you want this feature? It seems to me that this was explicitly disallowed for security reasons. E.g. you have a host that provides jails and some load-balanced service, and a jailed user cannot run some bad service to join the load-balanced service. With your patch this seems possible.
Comment 2 Dmitry Wagin 2020-07-17 08:25:36 UTC
(In reply to Andrey V. Elsukov from comment #1)
Without this it is impossible:
* running a load-balanced service in a single jail
* running a load-balanced service in multiple jails

plus tasks to minimize downtime during upgrades of services running in a jail
Comment 3 Dmitry Wagin 2020-07-17 11:04:59 UTC
(In reply to Andrey V. Elsukov from comment #1)
> E.g. you have a host that provides jails and some load-balanced service, and
> a jailed user cannot run some bad service to join the load-balanced service.
> With your patch this seems possible.

VNET should solve this problem?