uid/gid tests in ipfw with debug.mpsafenet=1

Radim Kolar hsn at netmag.cz
Fri Aug 18 12:34:53 CEST 2006


The ipfw man page says:
     Rules which use uid, gid or jail based matching should be used only if
     debug.mpsafenet=0 to avoid possible deadlocks due to layering violations
     in its implementation.

I found a similar warning in http://www.freebsd.org/releases/5.3R/errata.html

More specifically, the group and user filter parameters in pf(4), and the gid,
jail, and uid rule options in ipfw(4) are affected. If debug.mpsafenet is set
to 1, the system can hang when the rule is evaluated due to a lock order
reversal with the socket layer. More details can be found in the ipfw(8) and
pf.conf(5) manual pages.

Since it does not crash for me with mpsafenet=1 and that note is for 5.3, hasn't
this perhaps already been fixed? I would submit a PR to have it removed from the
documentation. It should probably be tested with a kernel that has witness, but
I don't have one at hand right now. Would anyone like to test it?
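
An added example, not part of the original post: a shell check that lists the ipfw rules matching on uid, gid or jail (the options the quoted manual text names) and flags them when debug.mpsafenet is 1. The rule listing is constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ipfw list` output (not taken from the post).
sample_rules() {
cat <<'EOF'
00100 allow ip from any to any via lo0
00200 allow tcp from me to any dst-port 80 uid www keep-state
00300 deny udp from any to any gid 1002
00400 allow tcp from any to me dst-port 22 jail 3
00500 deny ip from any to any // old uid rule, disabled
65535 allow ip from any to any
EOF
}

# Read `ipfw list` output on stdin and print "<rule number> <option>" for
# every rule that matches on uid, gid or jail. Tokens after "//" belong to
# the rule's comment and are ignored.
affected_rules() {
    awk '{
        for (i = 2; i <= NF; i++) {
            if ($i == "//") break
            if ($i == "uid" || $i == "gid" || $i == "jail") {
                print $1, $i
                break
            }
        }
    }'
}

# audit <debug.mpsafenet value>, rules on stdin.
# Returns 1 only for the combination the manual warns about:
# credential/jail matching rules present while debug.mpsafenet=1.
audit() {
    hits=$(affected_rules)
    if [ -z "$hits" ]; then
        echo "no uid/gid/jail rules loaded"
        return 0
    fi
    echo "$hits"
    if [ "$1" = "1" ]; then
        echo "WARNING: uid/gid/jail rules loaded with debug.mpsafenet=1"
        return 1
    fi
    return 0
}

# Demonstration on the constructed sample.
sample_rules | audit 1 || true
```

On a live host the same functions would be fed with `ipfw list | audit "$(sysctl -n debug.mpsafenet)"`, assuming a FreeBSD release that still has that sysctl.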


