370034 |
24-Jun-2021 |
jamie |
jail: Don't allow substitution of valueless jail parameters. PR: 256544 Reported by: cryptogranny at gmail.com
(cherry picked from commit 5bf6dca2c6dbf63d382e97905e205ded3e8525d2)
Git Hash: 75befde07bdf1e3059c8c5e8928a695e5e59d698 Git Author: jamie@FreeBSD.org |
370002 |
16-Jun-2021 |
git2svn |
Fix test case header function name
This restores the expected behavior (skip) when running with non-root user
MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D30584
(cherry picked from commit 847b7d505490ae407a5c876e14e7788a4add7737)
Git Hash: bd1139898643dd54529c464e6ff66011d6388b3e Git Author: sigsys@gmail.com |
369582 |
09-Apr-2021 |
jamie |
MFC jail: fix jail(8) synposis and usage message to match reality.
Reported by: yuri PR: 254741 MFC after: 5 days
(cherry picked from commit 8c1d956ffa0355ece3b63ea8587938176f87f072)
Git Hash: 73b04801b3163417cff33b279f1bc42451f20009 Git Author: jamie@FreeBSD.org |
360112 |
20-Apr-2020 |
eugen |
MFC r360040: jail(8): improve manual and usage information with more clear description for "jail -e" mode to show that it does not take additional jail name argument.
Reported by: David Marec <david.marec@davenulle.org> |
352561 |
20-Sep-2019 |
mizhka |
MFC r352263:
[jail] removal by jid doesn't trigger pre/post stop scripts
This commit fixes bug: command "jail -r" didn't trigger pre/post stop commands (and others) defined in config file if jid is specified insted of name. Also it adds basic tests for usr.sbin/jail to avoid regression.
Reviewed by: jamie, kevans, ray Differential Revision: https://reviews.freebsd.org/D21328 |
352280 |
13-Sep-2019 |
bapt |
MFC r352119-r352124, r352130
Stop linking to libl by specifying we do not need yywrap |
344250 |
18-Feb-2019 |
marck |
MFC: r343164
Clarify error messages a bit.
X-Found-With: r343112 Reviewed by: eugen (implicitly, when r343112 analysis) |
344195 |
16-Feb-2019 |
eugen |
MFC r343112: jail(8): stop crashing with SIGSEGV inside run_command() function while processing not entirely correct jail.conf(5) file having something like "ip4.addr = 127.0.0.1;" and no "ip4 = ...;" so extrap variable stays NULL.
Reported by: marck |
341790 |
10-Dec-2018 |
eugen |
MFC r340319: jail(8): introduce new command option -e to exhibit a list of configured non-wildcard jails with their parameters, no matter running or not.
The option -e takes separator argument that is used to separate printed parameters. It will be used with following additions to system periodic scripts to differentiate parts of directory tree belonging jails as opposed to host's. |
339446 |
20-Oct-2018 |
jamie |
MFC r339409, r339420:
Add a new jail permission, allow.read_msgbuf. When true, jailed processes can see the dmesg buffer (this is the current behavior). When false (the new default), dmesg will be unavailable to jailed users, whether root or not.
The security.bsd.unprivileged_read_msgbuf sysctl still works as before, controlling system-wide whether non-root users can see the buffer.
PR: 211580 Submitted by: bz |
338090 |
20-Aug-2018 |
jamie |
MFC r337867:
Don't let clobber jailparam values when checking for modification of init-only parameters.
PR: 230487 Submitted by: Jason Mader |
330449 |
05-Mar-2018 |
eadler |
MFC r326276:
various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
No functional change intended. |
316192 |
30-Mar-2017 |
jamie |
MFC r316022,r316023:
Fix hexadecimal escape codes in jail.conf(5).
PR: 218154 Submitted by: Masahiro Konishi <mkonishi@sea.plala.or.jp> |
311755 |
09-Jan-2017 |
delphij |
MFC r310614: Don't assign rtjp twice. |
302954 |
17-Jul-2016 |
jamie |
MFC r302856:
Fix up the order in which jail creation processes are run, to preserve the config file's order in the non-parallel-start case.
PR: 209112 Approved by: re (gjb) |
302408 |
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
298888 |
01-May-2016 |
jamie |
typo
Submitted by: Jimmy Olgeni
|
298886 |
01-May-2016 |
pfg |
usr.sbin: minor spelling fixes on comments.
No functional change.
|
298863 |
30-Apr-2016 |
jamie |
Clarify when happens when there is a "depend" parameter in jail.conf, and how this affects the "jail_list" option in rc.conf.
|
298585 |
25-Apr-2016 |
jamie |
Encapsulate SYSV IPC objects in jails. Define per-module parameters sysvmsg, sysvsem, and sysvshm, with the following bahavior:
inherit: allow full access to the IPC primitives. This is the same as the current setup with allow.sysvipc is on. Jails and the base system can see (and moduly) each other's objects, which is generally considered a bad thing (though may be useful in some circumstances).
disable: all no access, same as the current setup with allow.sysvipc off.
new: A jail may see use the IPC objects that it has created. It also gets its own IPC key namespace, so different jails may have their own objects using the same key value. The parent jail (or base system) can see the jail's IPC objects, but not its keys.
PR: 48471 Submitted by: based on work by kikuchan98@gmail.com MFC after: 5 days
|
298584 |
25-Apr-2016 |
jamie |
Note the existence of module-specific jail paramters, starting with the linux.* parameters when linux emulation is loaded.
MFC after: 5 days
|
298562 |
25-Apr-2016 |
jamie |
Make jail(8) interpret escape codes in fstab the same as getfsent(3).
PR: 208663 MFC after: 3 days
|
298107 |
16-Apr-2016 |
gjb |
Merge the projects/release-pkg branch to head.
This allows packaging the base system with pkg(8), including but not limited to providing the ability to provide upstream binary update possibilities for non-tier-1 architectures.
This merge is a requirement of the 11.0-RELEASE, and as such, thank you to everyone that has tested the project branch.
Documentation in build(7) etc. is still somewhat sparse, but updates to those parts will follow.
Sponsored by: The FreeBSD Foundation
|
298098 |
16-Apr-2016 |
gjb |
Final pass through bogus svn:mergeinfo removal.
Note, paths part of 'contrib' were left alone for now.
Sponsored by: The FreeBSD Foundation
|
296417 |
05-Mar-2016 |
dim |
Upgrade our copies of clang, llvm, lldb and compiler-rt to 3.8.0 release.
Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11 support to build; see UPDATING for more information.
Release notes for llvm and clang will soon be available here: <http://llvm.org/releases/3.8.0/docs/ReleaseNotes.html> <http://llvm.org/releases/3.8.0/tools/clang/docs/ReleaseNotes.html>
Thanks to Ed Maste, Roman Divacky, Davide Italiano and Antoine Brodin for their help.
Relnotes: yes
|
295989 |
24-Feb-2016 |
bdrewery |
DIRDEPS_BUILD: Regenerate without local dependencies.
These are no longer needed after the recent 'beforebuild: depend' changes and hooking DIRDEPS_BUILD into a subset of FAST_DEPEND which supports skipping 'make depend'.
Sponsored by: EMC / Isilon Storage Division
|
295468 |
10-Feb-2016 |
jamie |
Remove man page references to rndassociates.com, which has been taken over by a domain squatter.
|
294196 |
16-Jan-2016 |
jamie |
Don't bother checking an ip[46].addr netmask/prefixlen. This is already handled by ifconfig, and it was doing it wrong when the paramater included extra ifconfig options.
PR: 205926 MFC after: 5 days
|
294183 |
16-Jan-2016 |
jamie |
Clear errno before calling getpw*.
|
291558 |
01-Dec-2015 |
bdrewery |
Update dependencies after r291406 added libelf to libkvm.
Unfortunately filemon/meta mode tracks all indirect dependencies here since ld(1) is reading libelf when linking in libkvm. Churn would be reduced if this was able to be limited to direct dependencies.
Sponsored by: EMC / Isilon Storage Division
|
290494 |
07-Nov-2015 |
bapt |
Improve collation string and locales support
Merge collation support from Illumos and DragonflyBSD.
Locales are now generated with the new localedef(1) tool from CLDR POSIX files. The generated files are now identified as "BSD 1.0" format.
The libc now only read "BSD 1.0" locales definitions, all other version will be set to "C" The localedef(1) tool has been imported from Illumos and modified to use tree(3) instead of the CDDL avl(3) A set of tool created by edwin@ and extended by marino@ for dragonfly has been added to be able to generate locales and the Makefiles from the vanilla CLDR unicode databases + a universal UTF-8 charmap (by marino@) Update the locales to unicode v27 Given our regex(3) does not support multibyte (yet) it has been forced to always use locale C Remove now unused colldef(1) and mklocale(1) Finish implementing the numeric BSD extension for ctypes The number of supported locales has grown from 175 to 250 locales. Among the new locales: 6 Arabic locales (AE EG JO MA QA SA), Different variations of spanish locales. Added new 3 components locales for mn_Cyrl_MN, sr_Cyrl_RS sr_Latn_RS, zh_Hans_CN, zh_Hant_HK and zh_Hant_TW. Some aliases has been for 2 components version when possible.
Thanks: Garrett D'Amore (Illumos) who made sure all his work was done under BSD license!, Edwin Groothuis (edwin@) for the work he made on tools to be able to generate locales definition usable in freebsd sources out of vanilla CLDR definitions, John Marino (DragonflyBSD) who first merge the Illumos work into Dragonfly and spent hours tracking down bugs.
|
290102 |
28-Oct-2015 |
bapt |
Merge mpsutil(8) branch
mpsutil(8)/mprutil(8) are new utilities for managing LSI Fusion-MPT 2/3 controllers (mps(4) and mpr(4))
For now only informational commands have been implemented.
This utility has been written by scottl@ [1] and polished by myself[2]
Submitted by: scottl Discussed with: scottl Relnotes: yes Sponsored by: Netflix [1] Sponsored by: Gandi.net [2]
|
289677 |
21-Oct-2015 |
eadler |
Fix a ton of speelling errors
arc lint is helpful
Reviewed By: allanjude, wblock, #manpages, chris@bsdjunk.com Differential Revision: https://reviews.freebsd.org/D3337
|
288943 |
06-Oct-2015 |
dim |
Upgrade our copies of clang, llvm, lldb, compiler-rt and libc++ to 3.7.0 release.
Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11 support to build; see UPDATING for more information.
Release notes for llvm and clang can be found here: <http://llvm.org/releases/3.7.0/docs/ReleaseNotes.html> <http://llvm.org/releases/3.7.0/tools/clang/docs/ReleaseNotes.html>
Thanks to Ed Maste, Andrew Turner and Antoine Brodin for their help.
Exp-run: antoine Relnotes: yes
|
285869 |
25-Jul-2015 |
dru |
Fix transposed words in man page.
PR: 201752 Reviewed by: bcr MFC after: 3 days Sponsored by: Essen FreeBSD Hackathon
|
285685 |
19-Jul-2015 |
araujo |
Add support to the jail framework to be able to mount linsysfs(5) and linprocfs(5).
Differential Revision: D2846 Submitted by: Nikolai Lifanov <lifanov@mail.lifanov.com> Reviewed by: jamie
|
285279 |
08-Jul-2015 |
hrs |
Implement PF_IMMUTABLE flag and apply it to "name" and "jid" in jail.conf parameters. This flag disallows redefinition of the parameter.
"name" and/or "jid" are automatically defined in jail.conf by using the jail names at the front of jail parameter definitions. However, one could override them by using a variable with the same name like $name = "foo". This confused the parser and could end up with SIGSEGV.
Note that this change also affects a case when all of parameters are defined in the command line arguments, not in jail.conf. Specifically, "jail -c name=j1 name=j2" no longer works. This should be harmless.
PR: 196574 Reviewed by: jamie Differential Revision: https://reviews.freebsd.org/D3017
|
285261 |
08-Jul-2015 |
hrs |
Fix offset calculation in variable substitution in jail.conf. The following did not work correctly:
A="A_${B}_C_${D}" B="BBBBB" D="DDDD_${E}_FFFFF" E="EEEEE"
PR: 189139 Reviewed by: jamie Differential Revision: https://reviews.freebsd.org/D3018
|
284345 |
13-Jun-2015 |
sjg |
Add META_MODE support.
Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796 Reviewed by: brooks imp
|
281931 |
24-Apr-2015 |
joel |
Fix minor mdoc issues.
|
280354 |
22-Mar-2015 |
allanjude |
Fix typo in jail(8) man page
PR: 198790 Differential Revision: https://reviews.freebsd.org/D2111 Submitted by: Jimmy Olgeni Approved by: wblock (mentor) Sponsored by: ScaleEngine Inc.
|
280031 |
15-Mar-2015 |
dim |
Upgrade our copy of clang, llvm and lldb to 3.6.0 release.
Please note that from 3.5.0 onwards, clang/llvm/lldb require C++11 support to build; see UPDATING for more information.
Release notes for llvm and clang can be found here: <http://llvm.org/releases/3.6.0/docs/ReleaseNotes.html> <http://llvm.org/releases/3.6.0/tools/clang/docs/ReleaseNotes.html>
Thanks to Ed Maste for the lldb part of this upgrade.
Exp-run: antoine
|
279361 |
27-Feb-2015 |
ian |
Allow the kern.osrelease and kern.osreldate sysctl values to be set in a jail's creation parameters. This allows the kernel version to be reliably spoofed within the jail whether examined directly with sysctl or indirectly with the uname -r and -K options.
The values can only be set at jail creation time, to eliminate the need for any locking when accessing the values via sysctl.
The overridden values are inherited by nested jails (unless the config for the nested jails also overrides the values).
There is no sanity or range checking, other than disallowing an empty release string or a zero release date, by design. The system administrator is trusted to set sane values. Setting values that are newer than the actual running kernel will likely cause compatibility problems.
Differential Revision: https://reviews.freebsd.org/D1948 Relnotes: yes
|
278323 |
06-Feb-2015 |
jamie |
Add mount.procfs jail parameter, so procfs can be mounted when a prison's root is in its fstab.
Also fix a typo while I'm at it.
PR: 197237 197066 MFC after: 3 days
|
277855 |
28-Jan-2015 |
jamie |
Add allow.mount.fdescfs jail flag.
PR: 192951 Submitted by: ruben@verweg.com MFC after: 3 days
|
276479 |
31-Dec-2014 |
dim |
Upgrade our copy of clang, llvm and lldb to 3.5.0 release.
Please note that this version now requires C++11 support to build; see UPDATING for more information.
Release notes for llvm and clang can be found here: <http://llvm.org/releases/3.5.0/docs/ReleaseNotes.html> <http://llvm.org/releases/3.5.0/tools/clang/docs/ReleaseNotes.html>
Thanks to Ed Maste, Roman Divacky, Andrew Turner, Justin Hibbits and Antoine Brodin for their invaluable help with this import.
Approved by: portmgr (antoine) MFC after: 1 month
|
276258 |
26-Dec-2014 |
joel |
mdoc: sort SEE ALSO.
|
275906 |
18-Dec-2014 |
jamie |
Setgid before running a command as a specified user. Previously only initgroups(3) was called, what isn't quite enough. This brings jail(8) in line with jexec(8), which was already doing the right thing.
PR: 195984 MFC after: 1 week
|
275073 |
25-Nov-2014 |
jamie |
In preparation for using clang's -Wcast-qual:
Use __DECONST (instead of my own attempted re-invention) for the iov parameters to jail_get/set(2). Similarly remove the decost-ish hack from execvp's argv, except the __DECONST is only added at very end.
While I'm at it, remove an unused variable and fix a comment typo.
|
275054 |
25-Nov-2014 |
bapt |
Convert usr.sbin to LIBADD Reduce overlinking
|
269522 |
04-Aug-2014 |
smh |
Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be used in jails e.g. ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"
Before this change using exec.prestart to configure a CARP address would result in the wrong MAC being broadcast on startup as jail creates IP aliases to support ip[4|6].addr before exec.prestart is executed.
PR: 191832 Reviewed by: jamie MFC after: 1 week X-MFC-With: r269340 Phabric: D528 Sponsored by: Multiplay
|
268539 |
11-Jul-2014 |
gavin |
The month's name shall not be abbreviated.
|
268488 |
10-Jul-2014 |
gavin |
Reword an awkward option description
PR: 191726 Reported by: yaneurabeya gmail.com MFC after: 3 days
|
266283 |
17-May-2014 |
bjk |
Bump .Dd, missed in r266206
Approved by: hrs (mentor, implicit)
|
266206 |
16-May-2014 |
bjk |
Review pass through jail.8
Replace usage of "prison" with "jail", since that term has mostly dropped out of use. Note once at the beginning that the "prison" term is equivalent, but do not use it otherwise. [1]
Some grammar issues.
Some mdoc formatting fixes.
Consistently use \(em for em dashes, with spaces around it.
Avoid contractions.
Prefer ssh to telnet.
PR: docs/176832 [1] Approved by: hrs (mentor)
|
265420 |
06-May-2014 |
imp |
Use src.opts.mk in preference to bsd.own.mk except where we need stuff from the latter.
|
263266 |
17-Mar-2014 |
rwatson |
Line-wrapping tweak: make the sample jail command line fit in 80 characters.
MFC after: 3 days
|
261834 |
13-Feb-2014 |
zeising |
Bump .Dd forgotten in r261832.
MFC after: 2 weeks
|
261833 |
13-Feb-2014 |
zeising |
Add commas (,) to the list in the SEE ALSO section, to match most other manuals.
MFC after: 2 weeks
|
261832 |
13-Feb-2014 |
zeising |
Add cross references between rc.conf(5) and jail.conf(5).
MFC after: 2 weeks
|
261326 |
31-Jan-2014 |
jamie |
Back out r261266 pending security buy-in.
r261266: Add a jail parameter, allow.kmem, which lets jailed processes access /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE). This in conjunction with changing the drm driver's permission check from PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server.
|
261266 |
29-Jan-2014 |
jamie |
Add a jail parameter, allow.kmem, which lets jailed processes access /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE). This in conjunction with changing the drm driver's permission check from PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server.
Submitted by: netchild MFC after: 1 week
|
256385 |
12-Oct-2013 |
hrs |
- Add mount.fdescfs parameter to jail(8). This is similar to mount.devfs but mounts fdescfs. The mount happens just after mount.devfs.
- rc.d/jail now displays whole error message from jail(8) when a jail fails to start.
Approved by: re (gjb)
|
256256 |
10-Oct-2013 |
hrs |
- Update rc.d/jail to use a jail(8) configuration file instead of command line options. The "jail_<jname>_*" rc.conf(5) variables for per-jail configuration are automatically converted to /var/run/jail.<jname>.conf before the jail(8) utility is invoked. This is transparently backward compatible.
- Fix a minor bug in jail(8) which prevented it from returning false when jail -r failed.
Approved by: re (glebius)
|
254741 |
23-Aug-2013 |
delphij |
Allow tmpfs be mounted inside jail.
|
250926 |
23-May-2013 |
jkim |
Work around build breakages with GCC 4.2.
Reported by: tinderbox
|
250227 |
04-May-2013 |
jkim |
Improve compatibility with recent flex from flex.sourceforge.net.
|
249657 |
19-Apr-2013 |
ed |
Add the Clang specific -Wmissing-variable-declarations to WARNS=6.
This compiler flag enforces that that people either mark variables static or use an external declarations for the variable, similar to how -Wmissing-prototypes works for functions.
Due to the fact that Yacc/Lex generate code that cannot trivially be changed to not warn because of this (lots of yy* variables), add a NO_WMISSING_VARIABLE_DECLARATIONS that can be used to turn off this specific compiler warning.
Announced on: toolchain@
|
248854 |
28-Mar-2013 |
jamie |
Reverse the order of some implicit commands (FS mounts and ifconfigs) when stopping jails. This matters particularly for nested filesystem mounts.
PR: kern/177325 Submitted by: Harald Schmalzbauer MFC after: 3 days
|
246804 |
14-Feb-2013 |
jamie |
Handle (ignore) when a process disappears before it can be tracked.
|
241196 |
04-Oct-2012 |
jamie |
Move properly to the next parameter when jailparam_init fails (i.e. on an unknown parameter), to avoid freeing bogus pointers.
|
240563 |
16-Sep-2012 |
des |
Warn about filesystem-based attacks.
|
239621 |
23-Aug-2012 |
jamie |
Partially roll back r239601 - keep parameter strings both length-delimited and null-terminated at the same time, because they're later passed to libjail as null-terminated. That means I also need to add a nul byte when comma-combining array parameters.
MFC after: 6 days
|
239602 |
23-Aug-2012 |
jamie |
Pre-separate IP addresses passed on the command line, so they can be properly parsed for interface prefixes and netmask suffixes. This was already done for the old-style (fixed) command line, but missed for the new-style.
MFC after: 1 week
|
239601 |
23-Aug-2012 |
jamie |
Remember that I'm using length-defined strings in parameters:
Remove a bogus null terminator when stripping the netmask from IP addresses. This was causing later addresses in a comma-separated string to disappear.
Use memcpy instead of strcpy. This could just cause Bad Things.
PR: 170832 MFC after: 1 week
|
237697 |
28-Jun-2012 |
maxim |
o Restore -u <username> getopt(3) flag somehow killed in r234712.
PR: bin/169490 Submitted by: amdmi3 MFC after: 2 weeks
|
236509 |
03-Jun-2012 |
joel |
Minor spelling fixes.
|
236198 |
28-May-2012 |
jamie |
When writing the jid via the -i flag, do it right when the jail is created, before any commands run. /etc/rc.d/jail depends on this.
|
235949 |
25-May-2012 |
jamie |
Don't try to set a null TERM environment.
Submitted by: Mateusz Guzik <mjguzik gmail.com>
|
235873 |
24-May-2012 |
wblock |
Fixes to man8 groff mandoc style, usage mistakes, or typos.
PR: 168016 Submitted by: Nobuyuki Koganemaru Approved by: gjb MFC after: 3 days
|
235840 |
23-May-2012 |
jamie |
Note that the new jail(8) will be appearing in 9.1.
|
235789 |
22-May-2012 |
bapt |
Fix world after byacc import: - old yacc(1) use to magicially append stdlib.h, while new one don't - new yacc(1) do declare yyparse by itself, fix redundant declaration of 'yyparse'
Approved by: des (mentor)
|
235355 |
12-May-2012 |
joel |
Remove end of line whitespace.
|
235337 |
12-May-2012 |
gjb |
General mdoc(7) and typo fixes.
PR: 167804 Submitted by: Nobuyuki Koganemaru (kogane!jp.freebsd.org) MFC after: 3 days
|
235335 |
12-May-2012 |
joel |
mdoc: remove redundant Pp and end a display block with Ed.
|
235294 |
11-May-2012 |
joel |
Fix .Pp macro.
|
234988 |
03-May-2012 |
jamie |
Add a meta-parameter IP__NULL to enum intparam, instead of mixing enum values and zeroes. This keeps clang happy (and is just good form).
Submitted by: dim
|
234934 |
02-May-2012 |
jamie |
Add YY_NO_INPUT so clang doesn't complain about "input" not being used.
|
234744 |
27-Apr-2012 |
jamie |
Fix the dates and history as of the move to HEAD.
|
234712 |
26-Apr-2012 |
jamie |
A new jail(8) with a configuration file, ultimately to replace the work currently done by /etc/rc.d/jail.
MFC after: 3 months
|
232291 |
29-Feb-2012 |
mm |
Bump .Dd to reflect latest update
Reported by: bz MFC after: 1 week
|
232278 |
29-Feb-2012 |
mm |
Add procfs to jail-mountable filesystems.
Reviewed by: jamie MFC after: 1 week
|
232247 |
28-Feb-2012 |
mm |
mdoc(7) stype - start new sentences on new line
MFC after: 1 week
|
232186 |
26-Feb-2012 |
mm |
Analogous to r232059, add a parameter for the ZFS file system:
allow.mount.zfs: allow mounting the zfs filesystem inside a jail
This way the permssions for mounting all current VFCF_JAIL filesystems inside a jail are controlled wia allow.mount.* jail parameters.
Update sysctl descriptions. Update jail(8) and zfs(8) manpages.
TODO: document the connection of allow.mount.* and VFCF_JAIL for kernel developers
MFC after: 10 days
|
232059 |
23-Feb-2012 |
mm |
To improve control over the use of mount(8) inside a jail(8), introduce a new jail parameter node with the following parameters:
allow.mount.devfs: allow mounting the devfs filesystem inside a jail
allow.mount.nullfs: allow mounting the nullfs filesystem inside a jail
Both parameters are disabled by default (equals the behavior before devfs and nullfs in jails). Administrators have to explicitly allow mounting devfs and nullfs for each jail. The value "-1" of the devfs_ruleset parameter is removed in favor of the new allow setting.
Reviewed by: jamie Suggested by: pjd MFC after: 2 weeks
|
231267 |
09-Feb-2012 |
mm |
Add support for mounting devfs inside jails.
A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for mounting devfs inside jails. A value of -1 disables mounting devfs in jails, a value of zero means no restrictions. Nested jails can only have mounting devfs disabled or inherit parent's enforcement as jails are not allowed to view or manipulate devfs(8) rules.
Utilizes new functions introduced in r231265.
Reviewed by: jamie MFC after: 1 month
|
230495 |
24-Jan-2012 |
mm |
Try resolving jail path with realpath(3).
jail(8) does a chdir(2) to the given path argument. Kernel evaluates the jail path from the new cwd and not from the original cwd, which leads to undesired behavior if given a relative path.
Reviewed by: jamie MFC after: 2 weeks
|
224615 |
02-Aug-2011 |
mm |
Always disable mount and unmount for jails with enforce_statfs==2. A working statfs(2) is required for umount(8) in jail.
Reviewed by: pjd, kib Approved by: re (kib) MFC after: 2 weeks
|
224477 |
28-Jul-2011 |
bcr |
Revert my last change to this file, as BETA1 is not announced yet.
Pointed out by: kib Pointy hat to: me Approved by: re (kib, implicit)
|
224475 |
28-Jul-2011 |
bcr |
Add a section to the jail chapter that explains why it is not recommended to allow root users in the jail to access the host system.
PR: docs/156853 Submitted by: crees Patch by: crees Approved by: re (kib) for BETA1
|
224286 |
24-Jul-2011 |
gjb |
Document the potential for jail escape.
Submitted by: Vedad KAJTAZ (vedad % kajtaz net) PR: 142341 Reviewed by: bz, rwatson Rewording by: rwatson Approved by: re (kensmith) MFC after: 3 days
|
222465 |
29-May-2011 |
bz |
Check for IPv4 or IPv6 to be available by the kernel to not provoke errors trying to query options not available. Make it possible to compile out INET or INET6 only parts.
Reviewed by: jamie Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 10 days
|
221665 |
08-May-2011 |
bcr |
Revert r221655:
Various people voiced their concerns about these changes. Until this is resolved, we should use the old version.
|
221655 |
08-May-2011 |
bcr |
Jails have a problem in that if the jail directory is world-readable, an attacker with root access to the jail can create a setuid binary for their own use in the host environment (if they also have this access), thus breaking root in the host.
This exploit is impossible if the jail's files are not world-readable. Add instructions to the man page on how to create a jail with the correct permissions set.
PR: docs/156853 Submitted by: Chris Rees (utisoft at gmail dot com) Reviewed by: cperciva (security parts) MFC after: 9 days
|
213573 |
08-Oct-2010 |
uqs |
mdoc: drop redundant .Pp and .LP calls
They have no effect when coming in pairs, or before .Bl/.Bd
|
211086 |
08-Aug-2010 |
jamie |
Back out r210975, which changed documentation to match the now backed-out r210974.
|
210975 |
06-Aug-2010 |
jamie |
Note that a jail without a command parameter will be persistent, instead of explicitly requiring one of "command" or "persist".
MFC after: 3 days
|
210723 |
01-Aug-2010 |
joel |
Spelling fixes.
|
208586 |
27-May-2010 |
cperciva |
Change the current working directory to be inside the jail created by the jail(8) command. [10:04]
Fix a one-NUL-byte buffer overflow in libopie. [10:05]
Correctly sanity-check a buffer length in nfs mount. [10:06]
Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-10:04.jail Security: FreeBSD-SA-10:05.opie Security: FreeBSD-SA-10:06.nfsclient
|
208291 |
19-May-2010 |
uqs |
mdoc: consistently spell our email addresses <foo@FreeBSD.org>
Reviewed by: ru
|
207650 |
05-May-2010 |
danger |
- fix typo
|
204677 |
03-Mar-2010 |
delphij |
Make 'make manlint' happy. No actual visible change.
|
202468 |
17-Jan-2010 |
bz |
Add ip4.saddrsel/ip4.nosaddrsel (and equivalent for ip6) to control whether to use source address selection (default) or the primary jail address for unbound outgoing connections.
This is intended to be used by people upgrading from single-IP jails to multi-IP jails but not having to change firewall rules, application ACLs, ... but to force their connections (unless otherwise changed) to the primry jail IP they had been used for years, as well as for people prefering to implement similar policies.
Note that for IPv6, if configured incorrectly, this might lead to scope violations, which single-IPv6 jails could as well, as by the design of jails. [1]
Reviewed by: jamie, hrs (ipv6 part) Pointed out by: hrs [1] MFC After: 2 weeks Asked for by: Jase Thew (bazerka beardz.net)
|
201390 |
02-Jan-2010 |
ed |
The last big commit: let usr.sbin/ use WARNS=6 by default.
|
199818 |
26-Nov-2009 |
kuriyama |
- New style of jail(8) usage requires "-c" argument to create a jail.
Reviewed by: jamie
|
198217 |
18-Oct-2009 |
ed |
Don't forget to increment the man page date.
Reported by: bz
|
198215 |
18-Oct-2009 |
ed |
Fix a typo in the jail(8) manpage.
Submitted by: Jille Timmermans <jille quis cx> MFC after: 1 week
|
195998 |
31-Jul-2009 |
jamie |
Handle kernels that don't have IPv6 by not sending an "ip6.addr" parameter unless a (numeric) IPv6 address is given. Even the default binaries built with -DINET6 will work with IPv6-less kernels. With an eye to the future, similarly handle the possibility of an IPv4-less kernel.
Approved by: re (kib), bz (mentor)
|
195870 |
25-Jul-2009 |
jamie |
Some jail parameters (in particular, "ip4" and "ip6" for IP address restrictions) were found to be inadequately described by a boolean. Define a new parameter type with three values (disable, new, inherit) to handle these and future cases.
Approved by: re (kib), bz (mentor) Discussed with: rwatson
|
195461 |
08-Jul-2009 |
jamie |
Fix a typo in the examples.
Approved by: re (kib), bz (mentor)
|
194869 |
24-Jun-2009 |
jamie |
Add libjail, a (somewhat) simpler interface to the jail_set and jail_get system calls and the security.jail.param sysctls.
Approved by: bz (mentor)
|
194762 |
23-Jun-2009 |
jamie |
Add a limit for child jails via the "children.cur" and "children.max" parameters. This replaces the simple "allow.jails" permission.
Approved by: bz (mentor)
|
194708 |
23-Jun-2009 |
jamie |
Remove obsolete comment describing how the command line is no longer parsed.
Approved by: bz (mentor)
|
194494 |
19-Jun-2009 |
brooks |
In preparation for raising NGROUPS and NGROUPS_MAX, change base system callers of getgroups(), getgrouplist(), and setgroups() to allocate buffers dynamically. Specifically, allocate a buffer of size sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).
This (or similar gymnastics) is required for the code to actually follow the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime and where getgroups may return {NGROUPS_MAX}+1 results on systems like FreeBSD which include the primary group.
In id(1), don't pointlessly add the primary group to the list of all groups, it is always the first result from getgroups(). In principle the old code was more portable, but this was only done in one of the two places where getgroups() was called to the overall effect was pointless.
Document the actual POSIX requirements in the getgroups(2) and setgroups(2) manpages. We do not yet support a dynamic NGROUPS, but we may in the future.
MFC after: 2 weeks
|
193929 |
10-Jun-2009 |
jamie |
In the old-style jail command line, explicitly set parameters from the security.jail.* sysctls since jail_set(2) doesn't do it implicitly.
Approved by: bz (mentor)
|
193676 |
08-Jun-2009 |
jkoshy |
Fix grammar.
Submitted by: richardtoohey at paradise dot net dot nz on -doc
|
193066 |
29-May-2009 |
jamie |
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible.
The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed.
Approved by: bz (mentor)
|
193065 |
29-May-2009 |
jamie |
Fix some inaccuracies in the extensible parameter addition.
Approved by: bz (mentor)
|
192896 |
27-May-2009 |
jamie |
Add support for the arbitrary named jail parameters used by jail_set(2) and jail_get(2). Jail(8) can now create jails using a "name=value" format instead of just specifying a limited set of fixed parameters; it can also modify parameters of existing jails. Jls(8) can display all parameters of jails, or a specified set of parameters. The available parameters are gathered from the kernel, and not hard-coded into these programs.
Small patches on killall(1) and jexec(8) to support jail names with jail_get(2).
Approved by: bz (mentor)
|
191668 |
29-Apr-2009 |
jamie |
With the permission of phk@ change the license on remaining jail code to a 2 clause BSD license.
Approved by: phk Approved by: bz (mentor)
|
187670 |
24-Jan-2009 |
bz |
New sentence starts on a new line.
MFC after: 2 week
|
187669 |
24-Jan-2009 |
bz |
Update the description of the '-h' option wrt to primary addresses per address family and add a reference to the ip-addresses option.
MFC after: 1 week
|
187365 |
17-Jan-2009 |
bz |
s,unmount 8,umount 8, it is unmount(2) which I did not mean.
Submitted by: pluknet@gmail.com MFC after: 1 week
|
187092 |
12-Jan-2009 |
maxim |
o Sort .Xr.
|
187059 |
11-Jan-2009 |
bz |
Add a short section talking about jails and file systems; mention the mountand jail-aware file systems as well as quota.
PR: kern/68192 Reviewed by: simon MFC after: 2 weeks
|
185435 |
29-Nov-2008 |
bz |
MFp4: Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple addresses per jail. In addtion to IPv4, IPv6 is supported as well. Due to updated checks it is even possible to have jails without an IP address at all, which basically gives one a chroot with restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name in addition to the hostname. The jail name cannot be changed from within a jail and is considered to be used for management purposes or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit systems to manage jails. Also backward compatibility was preserved where possible: for jail v1 syscalls, as well as with user space management utilities.
Both jail as well as prison version were updated for the new features. A gap was intentionally left as the intermediate versions had been used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to: - Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches and Olivier Houchard (cognet) for initial single-IPv6 patches. - Jeff Roberson (jeff) and Randall Stewart (rrs) for their help, ideas and review on cpuset and SCTP support. - Robert Watson (rwatson) for lots and lots of help, discussions, suggestions and review of most of the patch at various stages. - John Baldwin (jhb) for his help. - Simon L. Nielsen (simon) as early adopter testing changes on cluster machines as well as all the testers and people who provided feedback the last months on freebsd-jail and other channels. - My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above) MFC after: 3 months (this is just so that I get the mail) X-MFC Before: 7.2-RELEASE if possible
|
168398 |
05-Apr-2007 |
pjd |
Bump date.
|
168396 |
05-Apr-2007 |
pjd |
Add security.jail.mount_allowed sysctl, which allows to mount and unmount jail-friendly file systems from within a jail. Precisely it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user. It is turned off by default.
A jail-friendly file system is a file system which driver registers itself with VFCF_JAIL flag via VFS_SET(9) API. The lsvfs(1) command can be used to see which file systems are jail-friendly ones.
There currently no jail-friendly file systems, ZFS will be the first one. In the future we may consider marking file systems like nullfs as jail-friendly.
Reviewed by: rwatson
|
164481 |
21-Nov-2006 |
rodrigc |
Change mount_devfs reference to "mount -t devfs".
Reminded by: ru
|
162806 |
29-Sep-2006 |
ru |
Markup fixes.
|
159508 |
11-Jun-2006 |
bz |
Use IP addresses out of "TEST-NET" (for use in documentation and example code) [RFC3330].
Reviewed by: simon
|
159005 |
28-May-2006 |
simon |
Revert 1.73, since mounting devfs without a devfs ruleset inside a jail is a very bad idea security wise.
Approved by: trhodes (jcamou mentor) No response: jcamou
|
159004 |
28-May-2006 |
matteo |
Mention ruleset #4 (devfsrules_jail) in jail's man page.
MFC after: 3
|
158475 |
12-May-2006 |
matteo |
correct strtol(3) usage and style(9)
Reviewed by: maxim MFC after: 2 weeks
|
158454 |
11-May-2006 |
maxim |
o Style(9) the previous commit a bit.
|
158428 |
11-May-2006 |
matteo |
Add the -s option to set jail's securelevel. This is useful for jails run with non-root privileges.
PR: bin/80242 MFC after: 2 weeks
|
158398 |
10-May-2006 |
matteo |
Use .Vt for struct xprison Suggested by: keramida
|
158365 |
08-May-2006 |
matteo |
document security.jail.list sysctl in jail(8)
PR: docs/96807 MFC after: 3
|
158271 |
03-May-2006 |
maxim |
o Document security.jail.jailed sysctl.
PR: docs/94711 Submitted by: Andreas Kohn MFC after: 2 weeks
|
157790 |
16-Apr-2006 |
maxim |
o Do not mangle current session user login name with jail -u|-U.
PR: bin/94730 Submitted by: Frank Behrens MFC after: 1 month
|
156771 |
16-Mar-2006 |
jcamou |
Do `mount_devfs' when starting a jail.
PR: docs/86044 Noticed by: Dan Langille <dan@langille.org> Reviewed by: Jose Biskofski <jbiskofski@grmims.com> Approved by: trhodes (mentor)
|
153056 |
03-Dec-2005 |
philip |
Add [-J jid_file] option to write out a JidFile, similar to a PidFile, containing the jailid, path, hostname, ip and the command used to start the jail.
PR: misc/89883 Submitted by: L. Jason Godsey <lannygodsey -at- yahoo.com> Reviewed by: phk MFC after: 1 week
|
151707 |
26-Oct-2005 |
keramida |
Note that the jail setup example is meant to be fed to sh(1), not csh(1).
PR: docs/87351 Submitted by: "Eli K. Breen" <bsd@unixforge.net> Approved by: simon, brooks MFC after: 3 days
|
148832 |
07-Aug-2005 |
brueffer |
Add some more info about jail startup and shutdown.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org> MFC after: 3 days
|
148390 |
25-Jul-2005 |
arved |
Move DNS configuration before sendmail configuration, because newaliases(1) may hang without proper DNS configuration.
Approved by: brueffer
|
148166 |
20-Jul-2005 |
jcamou |
Mention that it is possible to have jails started at boot time if specified in /etc/rc.conf.
PR: docs/81040 Submitted by: matteo Approved by: trhodes (mentor) MFC after: 1 week
|
147377 |
14-Jun-2005 |
ru |
Markup fixes.
Approved by: re (blanket)
|
147199 |
09-Jun-2005 |
pjd |
Update manual page after sysctl rename.
Corrected by: brueffer
|
146725 |
28-May-2005 |
pjd |
Document 'jid' keyword for ps(1) and '-j' option for pgrep(1)/pkill(1).
|
146221 |
14-May-2005 |
pjd |
Remove symblic link kernel->dev/null creation. We don't need it in 5.x/6.x world (there is no /kernel file anymore).
Reminded by: Isaac Levy presentation
|
145696 |
30-Apr-2005 |
joel |
Fix spelling errors.
Approved by: brueffer (mentor)
|
142644 |
27-Feb-2005 |
ru |
Added the convenience "distribution" target which calls the target of the same name from src/etc/Makefile with a proper environment, suitable to be used during upgrades and cross- builds.
|
141543 |
08-Feb-2005 |
cperciva |
Add a new sysctl, "security.jail.chflags_allowed", which controls the behaviour of chflags within a jail. If set to 0 (the default), then a jailed root user is treated as an unprivileged user; if set to 1, then a jailed root user is treated the same as an unjailed root user.
This is necessary to allow "make installworld" to work inside a jail, since it attempts to manipulate the system immutable flag on certain files.
Discussed with: csjp, rwatson MFC after: 2 weeks
|
140598 |
21-Jan-2005 |
ru |
Fixed punctuation in xrefs.
|
140063 |
11-Jan-2005 |
ru |
Scheduled mdoc(7) sweep.
|
137808 |
17-Nov-2004 |
delphij |
Initialize lcap and pwd to NULL. This allows a WARNS=6 clean build, hence bump it to 6.
Note that the last commit message was not quite accurate. While the assumption exists in the code, it's not possible to have an uninitialized p there because if lflag is set when username is NULL then execution would be terminated earlier.
|
137807 |
17-Nov-2004 |
delphij |
The code path in main() dealing with lflag assumes that p was initialized with NULL, while it is not. So let's initialize it.
|
136051 |
02-Oct-2004 |
stefanf |
Pass an array of gid_t rather than an array of int to getgroups().
PR: 56646
|
133743 |
15-Aug-2004 |
maxim |
o Add -l option to jail(8) similar to su(1): before running jail'ed program under specific user's credentials, clean the environment and set only a few variables.
PR: bin/70024 Submitted by: demon MFC after: 1 month
|
131500 |
02-Jul-2004 |
ru |
Mechanically kill hard sentence breaks.
|
131182 |
27-Jun-2004 |
pjd |
Prepare jail(8) utility for new functionality which will limit seeing status of mounted file system for jailed processes. Pass full path of jail's root directory to the kernel. mount(8) utility is doing the same thing already.
|
130136 |
05-Jun-2004 |
ru |
Markup nits.
|
129966 |
01-Jun-2004 |
csjp |
Sentences should not start with conjunctions. Change "Because" to "Since".
Pointed out by: Ceri
|
129909 |
01-Jun-2004 |
csjp |
Add a warning note to security.jail.allow_raw_sockets about the risks of enabling raw sockets in prisons.
Because raw sockets can be used to configure and interact with various network subsystems, extra caution should be used where privileged access to jails is given out to untrusted parties. As such, by default this option is disabled.
A few others and I are currently auditing the kernel source code to ensure that the use of raw sockets by privledged prison users is safe.
Approved by: bmilekic (mentor)
|
129848 |
29-May-2004 |
maxim |
o Implement -U flag: run command as user which exists only in jail. o getpwnam(3) returns NULL and does not set errno when the user does not exist. Bail out with "no such user" instead of "Unknown error: 0".
PR: bin/67262 Submitted by: demon (-U flag) MFC after: 3 weeks
|
129466 |
20-May-2004 |
dannyboy |
Typos and nits.
|
129463 |
20-May-2004 |
pjd |
Document security.jail.getfsstatroot_only sysctl.
Obtained from: rwatson's commit log Approved by: rwatson
|
128923 |
04-May-2004 |
simon |
mdoc(7) cleanup for the last commit to this file.
OK'ed by: bmilekic
|
128890 |
03-May-2004 |
bmilekic |
Ammend jail(8) man page to explain new sysctl for raw-sockets inside jails, Christian's last submission.
Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
|
125532 |
06-Feb-2004 |
le |
Correct typo.
|
122910 |
20-Nov-2003 |
rwatson |
A variety of content cleanups:
(1) Document the notion of using jail(8) to run "virtual servers" or just to constrain specific applications. If only running specific applications, some configuration steps are unnecessary (such as editing rc.conf).
(2) Add some more subsection headers to break up the bigger chunks of text.
(3) Clarify the problems associated with applications binding all IP addresses in the host, and attempt to be more specific about potential application problems. Document how to force sshd to bind the the right socket.
(4) Suggest that in a jailed application scenario, you might want to have the host syslogd listen on the socket in the jail, rather than running syslogd in the jail.
(5) Catch another reference to /stand/sysinstall.
Approved by: re (bmah implicitly)
|
122909 |
20-Nov-2003 |
rwatson |
No need to copy sysinstall into a jail with -CURRENT, since in -CURRENT, we have /usr/sbin/sysinstall.
Approved by: re (bmah implicitly)
|
122505 |
11-Nov-2003 |
kensmith |
- Add a note that there are two MIB variables that have per-jail settings.
Reviewed by: rwatson Approved by: blackend (mentor)
|
117280 |
06-Jul-2003 |
charnier |
add FBSDID
|
116889 |
26-Jun-2003 |
rwatson |
When pointing users at mount_devfs to populate the /dev of a jail, tell them that they also need to use devfs rules to prevent inappropriate devices from appearing in the jail; add an Xref. In earlier versions of this man page, the user was instructed to use sh MAKEDEV jail, which only created a minimal set of device nodes.
|
113804 |
21-Apr-2003 |
mike |
Force output of jail ID (if necessary) before excuting the command, otherwise redirection of stdout to a file using block buffering will not complete in time.
|
113277 |
09-Apr-2003 |
mike |
o Add jls(8) for listing active jails. o Add jexec(8) to execute a command in an existing jail. o Add -j option for killall(1) to kill all processes in a specified jail. o Add -i option to jail(8) to output jail ID of newly created jail.
|
113206 |
07-Apr-2003 |
maxim |
Free login_cap(3) resources after usage.
Submitted by: demon
|
112972 |
02-Apr-2003 |
maxim |
o Fix error messages formatting, style.
Prodded by: bde Reviewed by: bde
|
112705 |
27-Mar-2003 |
maxim |
o Add -u <username> flag to jail(8): set user context before exec.
PR: bin/44320 Submitted by: Mike Matsnev <mike@po.cs.msu.su> Reviewed by: -current MFC after: 6 weeks
|
112376 |
18-Mar-2003 |
maxim |
portmap_enable -> rpcbind_enable.
Spotted by: Andrew Khlebutin <andreyh@perm.ru>
|
111688 |
28-Feb-2003 |
keramida |
Remove traces of MAKEDEV & add xref to mount_devfs(8). DEVFS is now mandatory in CURRENT.
PR: docs/48095 Submitted by: Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
|
105704 |
22-Oct-2002 |
phk |
Fix example, we do not need NO_MAKEDEV_RUN any more.
XXX: this example should be updated with a good example of devfs(8) rules.
|
99968 |
14-Jul-2002 |
charnier |
The .Nm utility
|
96979 |
20-May-2002 |
dd |
Fix IP address typo.
PR: 38313 Submitted by: Jeff Ito <jeffi@rcn.com>
|
95258 |
22-Apr-2002 |
des |
Usage style sweep: spell "usage" with a small 'u'. Also change one case of blatant __progname abuse (several more remain) This commit does not touch anything in src/{contrib,crypto,gnu}/.
|
89414 |
16-Jan-2002 |
arr |
- Attempt to help declutter kern. sysctl by moving security out from beneath it.
Reviewed by: rwatson
|
89216 |
10-Jan-2002 |
ru |
mdoc(7) police: ispell rev. 1.32.
|
89215 |
10-Jan-2002 |
ru |
mdoc(7) police: tidy up previous delta.
|
87943 |
14-Dec-2001 |
phk |
Add some wisdom to the jail setup instructions.
|
87863 |
14-Dec-2001 |
ru |
mdoc(7) police overhaul.
|
87717 |
12-Dec-2001 |
arr |
- Update the sysctl mibs in order to reflect the recent kern_jail.c changes.
Approved by: rwatson Reviewed by: rwatson
|
82874 |
03-Sep-2001 |
dd |
syslogd can now be configured to bind to a specific address.
|
82417 |
27-Aug-2001 |
dd |
This is not jail(2), or anything else suitable to be referenced with .Fn.
|
80029 |
20-Jul-2001 |
obrien |
Perform a major cleanup of the usr.sbin Makefiles. These are not perfectly in agreement with each other style-wise, but they are orders of orders of magnitude more consistent style-wise than before.
|
79755 |
15-Jul-2001 |
dd |
Remove whitespace at EOL.
|
79537 |
10-Jul-2001 |
ru |
mdoc(7) police: removed HISTORY info from the .Os call.
|
79293 |
05-Jul-2001 |
ru |
mdoc(7) police: sort xrefs.
|
79011 |
30-Jun-2001 |
dd |
Set WARNS=2 on programs that compile cleanly with it; add $FreeBSD$ where necessary.
Submitted by: Mike Barcroft <mike@q9media.com>
|
78723 |
24-Jun-2001 |
dd |
Add missing includes and sort includes.
|
78720 |
24-Jun-2001 |
dd |
Include missing header files which define functions for which gcc has builtints (e.g., exit, strcmp).
|
77878 |
07-Jun-2001 |
sobomax |
Correct cross-reference: portmap.8 --> rpcbind.8
Submitted by: .Xr testing script
|
74991 |
29-Mar-2001 |
asmodai |
Change NO_MAKEDEV to a finer granularity method: NO_MAKEDEV_INSTALL and NO_MAKEDEV_RUN. The former implying the latter. The names imply what they do. The last commit by DES based on a PR defeated the original idea behind NO_MAKEDEV, which was not to run MAKEDEV, but to do the installation of MAKEDEV. This should satisfy both parties on the MAKEDEV challenge. Reflect this in the documentation.
|
74816 |
26-Mar-2001 |
ru |
- Backout botched attempt to introduce MANSECT feature. - MAN[1-9] -> MAN.
|
74532 |
20-Mar-2001 |
ru |
Set the default manual section for usr.sbin/ to 8.
|
74115 |
11-Mar-2001 |
rwatson |
o Replace part-wise instructions for building world for jail(8) with a simple make world; while this does a bit more work, it means that jail(8) doesn't have to be kept in sync with /usr/src/Makefile{,.inc1} which is a moving target. MFC candidate.
Submitted by: FUJISHIMA Satsuki <sf@FreeBSD.org> Reviewed by: phk Also pointed out by: Phil Kernick <Phil@Kernick.org>
|
71898 |
01-Feb-2001 |
ru |
mdoc(7) police: split punctuation characters + misc fixes.
|
70015 |
14-Dec-2000 |
ru |
mdoc(7) police: removed history info from the .Os FreeBSD call.
|
68965 |
20-Nov-2000 |
ru |
mdoc(7) police: use the new features of the Nm macro.
|
68716 |
14-Nov-2000 |
ru |
Use Fx macro wherever possible.
|
68155 |
01-Nov-2000 |
sheldonh |
Whitespace only: Correct poor line-breaking introduced in rev 1.17, which was limited to correcting mark-up.
|
68154 |
01-Nov-2000 |
sheldonh |
Correct mark-up used in rev 1.16, as discussed with its contributor:
* Use a sub-section (Ss) instead of a section (Sh) for "Sysctl MIB Entries".
* Use a tagged list (Bl, El and It) instead of sub-sections (Ss) for the actual MIB entries.
* Mark paths up as such (Pa).
* Mark defined values up as such (Dv).
|
68026 |
31-Oct-2000 |
rwatson |
o Document various sysctl's available for managing services available within jail()
|
62821 |
08-Jul-2000 |
dannyboy |
Typo: "is unreliably by default" to "is unreliable by default".
PR: 19411 Submitted by: Benno Rice <benno@netizen.com.au>
|
58518 |
24-Mar-2000 |
mpp |
Some minor mdoc style and spelling fixes.
|
57673 |
01-Mar-2000 |
sheldonh |
Remove single-space hard sentence breaks. These degrade the quality of the typeset output, tend to make diffs harder to read and provide bad examples for new-comers to mdoc.
|
57348 |
20-Feb-2000 |
rwatson |
- As jail(8) has been almost completely rewritten, prepend another copyright/ BSD-style license, as an add-on to phk's beerware license. Please fedex some beer to phk.
- Add a ``make depend'' line to the jail-building, which fixes openssl, among other things. Suggested by: kris
- Add ``newaliases'' to the list of things to do when setting up a new jail, so that the jailed sendmail doesn't complain.
- Correct references to ``kern.jail.set_hostname_allowed'' which now read ``jail.set_hostname_allowed''.
- Add a reference to sysctl.conf where the sysctl can easily be set in a persistent way.
- Add a list of cross references to the man page.
- Fix a formatting nit or two.
|
57324 |
18-Feb-2000 |
rwatson |
Fix up a few documentation nits in jail(8), as well as improve the instructions so as to reduce warnings during jail startup, etc. Add a somewhat bolder warning recommending the use of kern.jail.set_hostname to limit jail renamining.
|
57265 |
16-Feb-2000 |
rwatson |
Modified jail.8 to correct a typo (inetd_flas vs. inetd_flags), and add a comment to the effect that I'm responsible for the additional documentation, et al, so that phk gets fewer messages about my errors.
|
57180 |
13-Feb-2000 |
chris |
Add Robert Watson's much extended documentation including that of the kern.jail.set_hostname_allowed sysctl MIB.
Submitted by: rwatson
|
57073 |
09-Feb-2000 |
rwatson |
Clean up the jail(8) documentation so that it suggests building a jail userland in a safer way. Using the NO_MAKEDEV argument in make distribution prevents the creation of a number of unsafe device nodes in the jailed /dev, including disk devices, and more. This depends on an earlier commit to /etc/Makefile to provide the NO_MAKEDEV support.
Approved by: jkh
|
54955 |
21-Dec-1999 |
asmodai |
Properly manify this manpage.
|
54143 |
05-Dec-1999 |
phk |
A procfs mount is no longer needed for a jail.
|
51399 |
19-Sep-1999 |
phk |
Add a version number field to the jail(2) argument so that future changes can be handled intelligently.
WARNING: you will need to reinstall #includes and recompile jail(8).
|
50479 |
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
48722 |
09-Jul-1999 |
phk |
Add example of how to create a jail.
|
46520 |
05-May-1999 |
phk |
Various cosmetics.
Submitted by: Rudolf Cejka <cejkar@dcse.fee.vutbr.cz> Reviewed by: phk
|
46432 |
04-May-1999 |
phk |
Fix various bogons.
Submitted by: Rudolf Cejka <cejkar@dcse.fee.vutbr.cz> Reviewed by: phk
|
46155 |
28-Apr-1999 |
phk |
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname.
Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
|