Changeset View
Changeset View
Standalone View
Standalone View
head/usr.sbin/jail/jail.8
| Show All 19 Lines | |||||
| .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
| .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
| .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
| .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
| .\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
| .\" | .\" | ||||
| .\" $FreeBSD$ | .\" $FreeBSD$ | ||||
| .\" | .\" | ||||
| .Dd July 20, 2018 | .Dd July 29, 2018 | ||||
| .Dt JAIL 8 | .Dt JAIL 8 | ||||
| .Os | .Os | ||||
| .Sh NAME | .Sh NAME | ||||
| .Nm jail | .Nm jail | ||||
| .Nd "manage system jails" | .Nd "manage system jails" | ||||
| .Sh SYNOPSIS | .Sh SYNOPSIS | ||||
| .Nm | .Nm | ||||
| .Op Fl dhilqv | .Op Fl dhilqv | ||||
| ▲ Show 20 Lines • Show All 511 Lines • ▼ Show 20 Lines | |||||
| .It Va allow.quotas | .It Va allow.quotas | ||||
| The jail root may administer quotas on the jail's filesystem(s). | The jail root may administer quotas on the jail's filesystem(s). | ||||
| This includes filesystems that the jail may share with other jails or | This includes filesystems that the jail may share with other jails or | ||||
| with non-jailed parts of the system. | with non-jailed parts of the system. | ||||
| .It Va allow.socket_af | .It Va allow.socket_af | ||||
| Sockets within a jail are normally restricted to IPv4, IPv6, local | Sockets within a jail are normally restricted to IPv4, IPv6, local | ||||
| (UNIX), and route. This allows access to other protocol stacks that | (UNIX), and route. This allows access to other protocol stacks that | ||||
| have not had jail functionality added to them. | have not had jail functionality added to them. | ||||
| .It Va allow.mlock | |||||
| Locking or unlocking physical pages in memory are normally not available | |||||
| within a jail. | |||||
| When this parameter is set, users may | |||||
| .Xr mlock 2 | |||||
| or | |||||
| .Xr munlock 2 | |||||
| memory subject to | |||||
| .Va security.bsd.unprivileged_mlock | |||||
| and resource limits. | |||||
| .It Va allow.reserved_ports | .It Va allow.reserved_ports | ||||
| The jail root may bind to ports lower than 1024. | The jail root may bind to ports lower than 1024. | ||||
| .El | .El | ||||
| .El | .El | ||||
| .Pp | .Pp | ||||
| Kernel modules may add their own parameters, which only exist when the | Kernel modules may add their own parameters, which only exist when the | ||||
| module is loaded. | module is loaded. | ||||
| These are typically headed under a parameter named after the module, | These are typically headed under a parameter named after the module, | ||||
| ▲ Show 20 Lines • Show All 803 Lines • Show Last 20 Lines | |||||