| jail.8 (195461) | jail.8 (195870) |
|---|---|
| 1.\" 2.\" Copyright (c) 2000, 2003 Robert N. M. Watson 3.\" Copyright (c) 2008 James Gritton 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: --- 18 unchanged lines hidden (view full) --- 27.\" 28.\" ---------------------------------------------------------------------------- 29.\" "THE BEER-WARE LICENSE" (Revision 42): 30.\" <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you 31.\" can do whatever you want with this stuff. If we meet some day, and you think 32.\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 33.\" ---------------------------------------------------------------------------- 34.\" | 1.\" 2.\" Copyright (c) 2000, 2003 Robert N. M. Watson 3.\" Copyright (c) 2008 James Gritton 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: --- 18 unchanged lines hidden (view full) --- 27.\" 28.\" ---------------------------------------------------------------------------- 29.\" "THE BEER-WARE LICENSE" (Revision 42): 30.\" <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you 31.\" can do whatever you want with this stuff. If we meet some day, and you think 32.\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 33.\" ---------------------------------------------------------------------------- 34.\" |
| 35.\" $FreeBSD: head/usr.sbin/jail/jail.8 195461 2009-07-08 15:46:29Z jamie $ | 35.\" $FreeBSD: head/usr.sbin/jail/jail.8 195870 2009-07-25 14:48:57Z jamie $ |
| 36.\" | 36.\" |
| 37.Dd July 8, 2009 | 37.Dd July 25, 2009 |
| 38.Dt JAIL 8 39.Os 40.Sh NAME 41.Nm jail 42.Nd "create or modify a system jail" 43.Sh SYNOPSIS 44.Nm 45.Op Fl dhi --- 201 unchanged lines hidden (view full) --- 247Any attempts to use other addresses fail, and attempts to use wildcard 248addresses silently use the jailed address instead. 249For IPv4 the first address given will be kept used as the source address 250in case source address selection on unbound sockets cannot find a better 251match. 252It is only possible to start multiple jails with the same IP address, 253if none of the jails has more than this single overlapping IP address 254assigned to itself. | 38.Dt JAIL 8 39.Os 40.Sh NAME 41.Nm jail 42.Nd "create or modify a system jail" 43.Sh SYNOPSIS 44.Nm 45.Op Fl dhi --- 201 unchanged lines hidden (view full) --- 247Any attempts to use other addresses fail, and attempts to use wildcard 248addresses silently use the jailed address instead. 249For IPv4 the first address given will be kept used as the source address 250in case source address selection on unbound sockets cannot find a better 251match. 252It is only possible to start multiple jails with the same IP address, 253if none of the jails has more than this single overlapping IP address 254assigned to itself. |
| 255.Pp 256A list of zero elements (an empty string) will stop the jail from using IPv4 257entirely; setting the boolean parameter 258.Ar noip4 259will not restrict the jail at all. 260.It Va ip6.addr | 255.It Va ip4 256Control the availablity of IPv4 addresses. 257Possible values are 258.Dq inherit 259to allow unrestricted access to all system addresses, 260.Dq new 261to restrict addresses via 262.Va ip4.addr 263above, and 264.Dq disable 265to stop the jail from using IPv4 entirely. 266Setting the 267.Va ip4.addr 268parameter implies a value of 269.Dq new . 270.It Va ip6.addr , Va ip6 |
| 261A list of IPv6 addresses assigned to the prison, the counterpart to | 271A list of IPv6 addresses assigned to the prison, the counterpart to |
| 262.Ar ip4.addr | 272.Va ip4.addr 273and 274.Va ip4 |
| 263above. 264.It Va host.hostname 265Hostname of the prison. 266Other similar parameters are 267.Va host.domainname , 268.Va host.hostuuid 269and 270.Va host.hostid . | 275above. 276.It Va host.hostname 277Hostname of the prison. 278Other similar parameters are 279.Va host.domainname , 280.Va host.hostuuid 281and 282.Va host.hostid . |
| 271Setting the boolean parameter 272.Va nohost 273will retain the system values of these settings. | 283.It Va host 284Set the origin of hostname and related information. 285Possible values are 286.Dq inherit 287to use the system information and 288.Dq new 289for the jail to use the information from the above fields. 290Setting any of the above fields implies a value of 291.Dq new . |
| 274.It Va securelevel 275The value of the jail's 276.Va kern.securelevel 277sysctl. 278A jail never has a lower securelevel than the default system, but by 279setting this parameter it may have a higher one. 280If the system securelevel is changed, any jail securelevels will be at 281least as secure. --- 608 unchanged lines hidden --- | 292.It Va securelevel 293The value of the jail's 294.Va kern.securelevel 295sysctl. 296A jail never has a lower securelevel than the default system, but by 297setting this parameter it may have a higher one. 298If the system securelevel is changed, any jail securelevels will be at 299least as secure. --- 608 unchanged lines hidden --- |