Changeset View
Changeset View
Standalone View
Standalone View
usr.sbin/jail/jail.8
Show All 19 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd July 18, 2022 | .Dd December 11, 2022 | ||||
.Dt JAIL 8 | .Dt JAIL 8 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm jail | .Nm jail | ||||
.Nd "manage system jails" | .Nd "manage system jails" | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.Nm | .Nm | ||||
.Op Fl dhilqv | .Op Fl dhilqv | ||||
▲ Show 20 Lines • Show All 542 Lines • ▼ Show 20 Lines | |||||
within a jail. | within a jail. | ||||
When this parameter is set, users may | When this parameter is set, users may | ||||
.Xr mlock 2 | .Xr mlock 2 | ||||
or | or | ||||
.Xr munlock 2 | .Xr munlock 2 | ||||
memory subject to | memory subject to | ||||
.Va security.bsd.unprivileged_mlock | .Va security.bsd.unprivileged_mlock | ||||
and resource limits. | and resource limits. | ||||
.It Va allow.nfsd | |||||
The | |||||
.Xr mountd 8 | |||||
and | |||||
.Xr nfsd 8 | |||||
daemons are permitted to run inside a vnet-enabled jail. | |||||
The kernel must have been compiled with the | |||||
.Sy VNET_NFSD option | |||||
and | |||||
.Sy NFSD option | |||||
as well as the | |||||
.Sy VIMAGE option | |||||
for this to be available. | |||||
.It Va allow.reserved_ports | .It Va allow.reserved_ports | ||||
The jail root may bind to ports lower than 1024. | The jail root may bind to ports lower than 1024. | ||||
.It Va allow.unprivileged_proc_debug | .It Va allow.unprivileged_proc_debug | ||||
Unprivileged processes in the jail may use debugging facilities. | Unprivileged processes in the jail may use debugging facilities. | ||||
.It Va allow.suser | .It Va allow.suser | ||||
The value of the jail's | The value of the jail's | ||||
.Va security.bsd.suser_enabled | .Va security.bsd.suser_enabled | ||||
sysctl. | sysctl. | ||||
▲ Show 20 Lines • Show All 830 Lines • Show Last 20 Lines |