sysctl.conf question

Hello,

I am in the process of tuning my /etc/sysctl.conf and /boot/loader.conf file and would like some clarification if possible. My setup consists of FreeBSD 10 with 3 jails. On my FreeBSD host I have the following in /etc/sysctl.conf:
Code:
security.jail.allow_raw_sockets=1       # (default 0)
security.jail.enforce_statfs=2          # (default 2)
security.jail.set_hostname_allowed=0    # (default 1)
security.jail.socket_unixiproute_only=1 # (default 1)
security.jail.sysvipc_allowed=0         # (default 0)
security.jail.chflags_allowed=0         # (default 0)
net.local.stream.sendspace=164240  # (default 8192)
net.local.stream.recvspace=164240  # (default 8192)

My question is: when I update /etc/sysctl.conf on the jails, do I need to remove the lines above? Also is it normal that I do not have a /boot/loader.conf file in my jails?
 
The setting for raw sockets in jails is a per-jail setting in FreeBSD 10.

The host and jail settings will be different because they are different systems. Many sysctl() settings are not allowed in jails, or do not make sense because they are doing different things than the host.

Jails start long after the machine has booted, and do not use loader(8), which is used to boot a physical machine. A /boot/loader.conf in a jail will not be used because the loader does not run.
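The per-jail setting the reply refers to is the allow.raw_sockets parameter, which in FreeBSD 10 lives in /etc/jail.conf rather than in the host's /etc/sysctl.conf. The script below is an added example and is not part of either post: it writes a constructed jail.conf for three hypothetical jails (web, db, mon), denies raw sockets by default, grants them only to the monitoring jail, and audits the file with awk to list which jails end up with raw sockets enabled. The jail names, paths and addresses are assumptions; the verification commands at the end only run where jls exists, i.e. on a FreeBSD host.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes FreeBSD 10 jail.conf
# syntax and three hypothetical jails named web, db and mon.
set -eu

# Write a constructed /etc/jail.conf. allow.raw_sockets is a per-jail
# parameter, so it belongs here, not in the host's /etc/sysctl.conf.
# Top-level parameters are defaults for every jail block that follows.
write_sample_jail_conf() {
    cat > "$1" <<'EOF'
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
mount.devfs;
allow.raw_sockets = 0;    # deny by default: raw sockets let a jail forge IP packets
allow.set_hostname = 0;
allow.sysvipc = 0;
allow.chflags = 0;

web { path = /usr/jails/web; host.hostname = web.example.com; ip4.addr = 192.0.2.10; }
db  { path = /usr/jails/db;  host.hostname = db.example.com;  ip4.addr = 192.0.2.11; }
# Only the monitoring jail runs ping/traceroute, so only it gets raw sockets.
mon {
    path = /usr/jails/mon;
    host.hostname = mon.example.com;
    ip4.addr = 192.0.2.12;
    allow.raw_sockets = 1;
}
EOF
}

# raw_socket_jails CONF: print "<jail> <0|1>" for each jail block, resolving
# the top-level default. Handles only the "allow.raw_sockets = 0|1;" spelling
# (jail.conf also accepts "allow.raw_sockets;" and "allow.noraw_sockets;").
raw_socket_jails() {
    awk '
        BEGIN { def = 0; injail = 0 }
        { sub(/#.*/, "") }                                  # drop comments
        /^[ \t]*$/ { next }
        injail == 0 && /^[ \t]*[A-Za-z0-9_.-]+[ \t]*\{/ { name = $1; val = def; injail = 1 }
        match($0, /allow\.raw_sockets[ \t]*=[ \t]*[01]/) {
            v = substr($0, RSTART + RLENGTH - 1, 1)         # the trailing 0 or 1
            if (injail) val = v; else def = v
        }
        injail == 1 && /\}/ { print name, val; injail = 0 }
    ' "$1"
}

# jails_with_raw_sockets CONF: names of the jails that end up with raw sockets on.
jails_with_raw_sockets() {
    raw_socket_jails "$1" | awk '$2 == 1 { print $1 }'
}

SAMPLE_CONF=$(mktemp)
write_sample_jail_conf "$SAMPLE_CONF"
raw_socket_jails "$SAMPLE_CONF"          # web 0 / db 0 / mon 1
echo "jails allowed raw sockets: $(jails_with_raw_sockets "$SAMPLE_CONF")"

# On the FreeBSD host, confirm the parameter on the running jail and, from
# inside it, that sysctl reports the jailed state. Only attempted where jls exists.
if command -v jls >/dev/null 2>&1; then
    jls -j mon allow.raw_sockets || echo "jail mon is not running"
    jexec mon sysctl security.jail.jailed || true
fi
```

The audit is the check worth keeping: with the deny-by-default line at the top of jail.conf, any jail that can open raw sockets is one you explicitly listed, and the awk pass shows that list without starting any jail.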
 