Changeset View
Changeset View
Standalone View
Standalone View
head/usr.sbin/jail/jail.8
Show All 19 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd July 20, 2018 | .Dd July 29, 2018 | ||||
.Dt JAIL 8 | .Dt JAIL 8 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm jail | .Nm jail | ||||
.Nd "manage system jails" | .Nd "manage system jails" | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.Nm | .Nm | ||||
.Op Fl dhilqv | .Op Fl dhilqv | ||||
▲ Show 20 Lines • Show All 511 Lines • ▼ Show 20 Lines | |||||
.It Va allow.quotas | .It Va allow.quotas | ||||
The jail root may administer quotas on the jail's filesystem(s). | The jail root may administer quotas on the jail's filesystem(s). | ||||
This includes filesystems that the jail may share with other jails or | This includes filesystems that the jail may share with other jails or | ||||
with non-jailed parts of the system. | with non-jailed parts of the system. | ||||
.It Va allow.socket_af | .It Va allow.socket_af | ||||
Sockets within a jail are normally restricted to IPv4, IPv6, local | Sockets within a jail are normally restricted to IPv4, IPv6, local | ||||
(UNIX), and route. This allows access to other protocol stacks that | (UNIX), and route. This allows access to other protocol stacks that | ||||
have not had jail functionality added to them. | have not had jail functionality added to them. | ||||
.It Va allow.mlock | |||||
Locking or unlocking physical pages in memory are normally not available | |||||
within a jail. | |||||
When this parameter is set, users may | |||||
.Xr mlock 2 | |||||
or | |||||
.Xr munlock 2 | |||||
memory subject to | |||||
.Va security.bsd.unprivileged_mlock | |||||
and resource limits. | |||||
.It Va allow.reserved_ports | .It Va allow.reserved_ports | ||||
The jail root may bind to ports lower than 1024. | The jail root may bind to ports lower than 1024. | ||||
.El | .El | ||||
.El | .El | ||||
.Pp | .Pp | ||||
Kernel modules may add their own parameters, which only exist when the | Kernel modules may add their own parameters, which only exist when the | ||||
module is loaded. | module is loaded. | ||||
These are typically headed under a parameter named after the module, | These are typically headed under a parameter named after the module, | ||||
▲ Show 20 Lines • Show All 803 Lines • Show Last 20 Lines |