| jail.2 (113275) | jail.2 (115225) |
|---|---|
| 1.\" 2.\"---------------------------------------------------------------------------- 3.\""THE BEER-WARE LICENSE" (Revision 42): 4.\"<phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you 5.\"can do whatever you want with this stuff. If we meet some day, and you think 6.\"this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 7.\"---------------------------------------------------------------------------- 8.\" | 1.\" 2.\"---------------------------------------------------------------------------- 3.\""THE BEER-WARE LICENSE" (Revision 42): 4.\"<phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you 5.\"can do whatever you want with this stuff. If we meet some day, and you think 6.\"this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 7.\"---------------------------------------------------------------------------- 8.\" |
| 9.\"$FreeBSD: head/lib/libc/sys/jail.2 113275 2003-04-09 02:55:18Z mike $ | 9.\"$FreeBSD: head/lib/libc/sys/jail.2 115225 2003-05-22 13:02:28Z ru $ |
| 10.\" 11.Dd April 8, 2003 12.Dt JAIL 2 13.Os 14.Sh NAME | 10.\" 11.Dd April 8, 2003 12.Dt JAIL 2 13.Os 14.Sh NAME |
| 15.Nm jail | 15.Nm jail , jail_attach |
| 16.Nd imprison current process and future decendants 17.Sh LIBRARY 18.Lb libc 19.Sh SYNOPSIS 20.In sys/param.h 21.In sys/jail.h 22.Ft int 23.Fn jail "struct jail *jail" --- 30 unchanged lines hidden (view full) --- 54The 55.Dq Li ip_number 56can be set to the IP number assigned to the prison. 57.Pp 58The 59.Fn jail_attach 60system call attaches the current process to an existing jail, 61identified by | 16.Nd imprison current process and future decendants 17.Sh LIBRARY 18.Lb libc 19.Sh SYNOPSIS 20.In sys/param.h 21.In sys/jail.h 22.Ft int 23.Fn jail "struct jail *jail" --- 30 unchanged lines hidden (view full) --- 54The 55.Dq Li ip_number 56can be set to the IP number assigned to the prison. 57.Pp 58The 59.Fn jail_attach 60system call attaches the current process to an existing jail, 61identified by |
| 62.Va jid . | 62.Fa jid . |
| 63.Sh RETURN VALUES 64If successful, 65.Fn jail 66returns a non-negative integer, termed the jail identifier (JID). | 63.Sh RETURN VALUES 64If successful, 65.Fn jail 66returns a non-negative integer, termed the jail identifier (JID). |
| 67It returns -1 on failure, and sets | 67It returns \-1 on failure, and sets |
| 68.Va errno 69to indicate the error. 70.Pp | 68.Va errno 69to indicate the error. 70.Pp |
| 71If successful, 72.Fn jail_attach 73returns 0. 74It returns -1 on failure, and sets 75.Va errno 76to indicate the error. | 71.Rv -std jail_attach |
| 77.Sh PRISON? 78Once a process has been put in a prison, it and its decendants cannot escape 79the prison. 80.Pp 81Inside the prison, the concept of "superuser" is very diluted. In general, 82it can be assumed that nothing can be mangled from inside a prison which 83does not exist entirely inside that prison. For instance the directory 84tree below --- 51 unchanged lines hidden --- | 72.Sh PRISON? 73Once a process has been put in a prison, it and its decendants cannot escape 74the prison. 75.Pp 76Inside the prison, the concept of "superuser" is very diluted. In general, 77it can be assumed that nothing can be mangled from inside a prison which 78does not exist entirely inside that prison. For instance the directory 79tree below --- 51 unchanged lines hidden --- |