Allow explicitly assigned IPv4 loopback address to be used in jails

Description

Allow explicitly assigned IPv4 loopback address to be used in jails

If a jail has an explicitly assigned loopback address then allow it to be
used instead of remapping requests for the loopback adddress to the first
IPv4 address assigned to the jail.

This fixes issues where applications attempt to detect their bound port
where they requested a loopback address, which was available, but instead
the kernel remapped it to the jails first address.

A example of this is binding nginx to 127.0.0.1 and then running "service
nginx upgrade" which before this change would cause nginx to fail.

Also:

  • Correct the description of prison_check_ip4_locked to match the code.

MFC after: 2 weeks
Relnotes: Yes
Sponsored by: Multiplay

Details

Committed
smhMar 31 2017, 12:41 AM
Parents
rS316312: sys/geom/eli: Switch bzero() to explicit_bzero() for sensitive data
Branches
Unknown
Tags
Unknown