jail.8 (130136) | jail.8 (131500) |
---|---|
1.\" 2.\" Copyright (c) 2000, 2003 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 26.\" 27.\" ---------------------------------------------------------------------------- 28.\" "THE BEER-WARE LICENSE" (Revision 42): 29.\" <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you 30.\" can do whatever you want with this stuff. If we meet some day, and you think 31.\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 32.\" ---------------------------------------------------------------------------- 33.\" | 1.\" 2.\" Copyright (c) 2000, 2003 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 26.\" 27.\" ---------------------------------------------------------------------------- 28.\" "THE BEER-WARE LICENSE" (Revision 42): 29.\" <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you 30.\" can do whatever you want with this stuff. If we meet some day, and you think 31.\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 32.\" ---------------------------------------------------------------------------- 33.\" |
34.\" $FreeBSD: head/usr.sbin/jail/jail.8 130136 2004-06-05 20:27:10Z ru $ | 34.\" $FreeBSD: head/usr.sbin/jail/jail.8 131500 2004-07-02 23:13:00Z ru $ |
35.\" 36.Dd April 8, 2003 37.Dt JAIL 8 38.Os 39.Sh NAME 40.Nm jail 41.Nd "imprison process and its descendants" 42.Sh SYNOPSIS --- 375 unchanged lines hidden (view full) --- 418and 419.Xr traceroute 8 420to operate inside the prison. 421If this MIB 422is set, the source IP addresses are enforced to comply 423with the IP address bound to the jail, regardless of whether or not 424the 425.Dv IP_HDRINCL | 35.\" 36.Dd April 8, 2003 37.Dt JAIL 8 38.Os 39.Sh NAME 40.Nm jail 41.Nd "imprison process and its descendants" 42.Sh SYNOPSIS --- 375 unchanged lines hidden (view full) --- 418and 419.Xr traceroute 8 420to operate inside the prison. 421If this MIB 422is set, the source IP addresses are enforced to comply 423with the IP address bound to the jail, regardless of whether or not 424the 425.Dv IP_HDRINCL |
426flag has been set on the socket. Since raw sockets can be used to configure | 426flag has been set on the socket. 427Since raw sockets can be used to configure |
427and interact with various network subsystems, extra caution should be used | 428and interact with various network subsystems, extra caution should be used |
428where privileged access to jails is given out to untrusted parties. As such, | 429where privileged access to jails is given out to untrusted parties. 430As such, |
429by default this option is disabled. 430.It Va security.jail.getfsstatroot_only 431This MIB entry determines whether or not processes within a jail are able 432to see data for all mountpoints. 433When set to 1 (default), the 434.Xr getfsstat 2 435system call returns only (when called by jailed processes) the data for 436the file system on which the jail's root vnode is located. --- 110 unchanged lines hidden --- | 431by default this option is disabled. 432.It Va security.jail.getfsstatroot_only 433This MIB entry determines whether or not processes within a jail are able 434to see data for all mountpoints. 435When set to 1 (default), the 436.Xr getfsstat 2 437system call returns only (when called by jailed processes) the data for 438the file system on which the jail's root vnode is located. --- 110 unchanged lines hidden --- |