9.1-BETA1 cannot ping inside of ports jail

[malco_2001]

When running ping inside of ports jail I get a message that the socket operation has been denied. Looking in /etc/sysctl.conf shows that socket operations should be enabled for jails. Is this normal or for the warden?

[Abdul]

I have the same in a regular jail.

[kmoore134]

This is disabled for security reasons by default. To enable run this
command via the CLI:

# warden set flags <jail ip> allow.raw_sockets=true

[mjollnir]

Originally Posted by kmoore134

This is disabled for security reasons by default. To enable run this command via the CLI: # warden set flags <jail ip> allow.raw_sockets=true

As long you do not document it in the application and the manual (before or when you write the code), it's a bug (severety: blocker, IMHO).
Once you documented it, it's a feature.

No one wants to read "traditional jail - best for servers", beeing asked for an IP number, and then not be able to ping; and then crowl the net for hours to find the solution.

Unfortunately, this is true for far too many "features" of PC-BSD. There are many many undocumented hidden assertions hard-coded in the config scripts. To say it politely, that's sub-optimal. To say it clear: that's very bad programming style and the root of many subtle bugs and surprises.
--
=|o)