jail.8 (193065) | jail.8 (193066) |
---|---|
1.\" 2.\" Copyright (c) 2000, 2003 Robert N. M. Watson 3.\" Copyright (c) 2008 James Gritton 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: --- 18 unchanged lines hidden (view full) --- 27.\" 28.\" ---------------------------------------------------------------------------- 29.\" "THE BEER-WARE LICENSE" (Revision 42): 30.\" <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you 31.\" can do whatever you want with this stuff. If we meet some day, and you think 32.\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 33.\" ---------------------------------------------------------------------------- 34.\" | 1.\" 2.\" Copyright (c) 2000, 2003 Robert N. M. Watson 3.\" Copyright (c) 2008 James Gritton 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: --- 18 unchanged lines hidden (view full) --- 27.\" 28.\" ---------------------------------------------------------------------------- 29.\" "THE BEER-WARE LICENSE" (Revision 42): 30.\" <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you 31.\" can do whatever you want with this stuff. If we meet some day, and you think 32.\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 33.\" ---------------------------------------------------------------------------- 34.\" |
35.\" $FreeBSD: head/usr.sbin/jail/jail.8 193065 2009-05-29 21:17:22Z jamie $ | 35.\" $FreeBSD: head/usr.sbin/jail/jail.8 193066 2009-05-29 21:27:12Z jamie $ |
36.\" | 36.\" |
37.Dd May 27, 2009 | 37.Dd May 29, 2009 |
38.Dt JAIL 8 39.Os 40.Sh NAME 41.Nm jail 42.Nd "create or modify a system jail" 43.Sh SYNOPSIS 44.Nm 45.Op Fl dhi --- 212 unchanged lines hidden (view full) --- 258.Ar noip4 259will not restrict the jail at all. 260.It Va ip6.addr 261A list of IPv6 addresses assigned to the prison, the counterpart to 262.Ar ip4.addr 263above. 264.It Va host.hostname 265Hostname of the prison. | 38.Dt JAIL 8 39.Os 40.Sh NAME 41.Nm jail 42.Nd "create or modify a system jail" 43.Sh SYNOPSIS 44.Nm 45.Op Fl dhi --- 212 unchanged lines hidden (view full) --- 258.Ar noip4 259will not restrict the jail at all. 260.It Va ip6.addr 261A list of IPv6 addresses assigned to the prison, the counterpart to 262.Ar ip4.addr 263above. 264.It Va host.hostname 265Hostname of the prison. |
266If not specified, a jail will use the system hostname. | 266Other similar parameters are 267.Va host.domainname , 268.Va host.hostuuid 269and 270.Va host.hostid . 271Setting the boolean parameter 272.Va nohost 273will retain the system values of these settings. |
267.It Va securelevel 268The value of the jail's 269.Va kern.securelevel 270sysctl. 271A jail never has a lower securelevel than the default system, but by 272setting this parameter it may have a higher one. 273If the system securelevel is changed, any jail securelevels will be at 274least as secure. --- 457 unchanged lines hidden (view full) --- 732can be used to determine if a process is running inside a jail (value 733is one) or not (value is zero). 734.Pp 735The variable 736.Va security.jail.max_af_ips 737determines how may address per address family a prison may have. 738The default is 255. 739.Pp | 274.It Va securelevel 275The value of the jail's 276.Va kern.securelevel 277sysctl. 278A jail never has a lower securelevel than the default system, but by 279setting this parameter it may have a higher one. 280If the system securelevel is changed, any jail securelevels will be at 281least as secure. --- 457 unchanged lines hidden (view full) --- 739can be used to determine if a process is running inside a jail (value 740is one) or not (value is zero). 741.Pp 742The variable 743.Va security.jail.max_af_ips 744determines how may address per address family a prison may have. 745The default is 255. 746.Pp |
740There are currently two MIB variables that have per-jail settings. | 747Some MIB variables have per-jail settings. |
741Changes to these variables by a jailed process do not effect the host 742environment, only the jail environment. | 748Changes to these variables by a jailed process do not effect the host 749environment, only the jail environment. |
743The variables are 744.Va kern.securelevel | 750These variables are 751.Va kern.securelevel , 752.Va kern.hostname , 753.Va kern.domainname , 754.Va kern.hostid , |
745and | 755and |
746.Va kern.hostname . | 756.Va kern.hostuuid . |
747.Ss "Hierarchical Jails" 748By setting a jail's 749.Va allow.jails 750parameter, processes within a jail may be able to create jails of their own. 751These child jails are kept in a hierarchy, with jails only able to see and/or 752modify the jails they created (or those jails' children). 753Each jail has a read-only 754.Va parent --- 118 unchanged lines hidden --- | 757.Ss "Hierarchical Jails" 758By setting a jail's 759.Va allow.jails 760parameter, processes within a jail may be able to create jails of their own. 761These child jails are kept in a hierarchy, with jails only able to see and/or 762modify the jails they created (or those jails' children). 763Each jail has a read-only 764.Va parent --- 118 unchanged lines hidden --- |
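
Review bot: In the host.hostname hunk (new lines 266-273), the removed sentence "If not specified, a jail will use the system hostname." was the only statement of the default, and the replacement only says what setting `nohost` does. Please state what a jail gets for host.hostname, host.domainname, host.hostuuid and host.hostid when none of them is given. The boolean is also marked up as `.Va nohost`, while the neighbouring context uses `.Ar noip4` for the same kind of "no" form; use one macro for both.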
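
Review bot: In the per-jail MIB hunk (new lines 747-756), "Some MIB variables have per-jail settings" followed by "These variables are" leaves it unclear whether the five names are the complete set; word it so the list is explicitly exhaustive or explicitly a set of examples. The paragraph also does not tie kern.hostname, kern.domainname, kern.hostid and kern.hostuuid back to the host.* parameters introduced at new line 266, which is the cross-reference a reader needs to see that these are the same per-jail values. Since the change already rewrites the lines on either side of 748, "do not effect the host environment" could be corrected to "affect" in the same commit.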