Changeset View
Changeset View
Standalone View
Standalone View
head/usr.sbin/jail/jail.8
| Show All 19 Lines | |||||
| .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
| .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
| .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
| .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
| .\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
| .\" | .\" | ||||
| .\" $FreeBSD$ | .\" $FreeBSD$ | ||||
| .\" | .\" | ||||
| .Dd May 14, 2020 | .Dd November 18, 2020 | ||||
| .Dt JAIL 8 | .Dt JAIL 8 | ||||
| .Os | .Os | ||||
| .Sh NAME | .Sh NAME | ||||
| .Nm jail | .Nm jail | ||||
| .Nd "manage system jails" | .Nd "manage system jails" | ||||
| .Sh SYNOPSIS | .Sh SYNOPSIS | ||||
| .Nm | .Nm | ||||
| .Op Fl dhilqv | .Op Fl dhilqv | ||||
| ▲ Show 20 Lines • Show All 545 Lines • ▼ Show 20 Lines | |||||
| .Xr munlock 2 | .Xr munlock 2 | ||||
| memory subject to | memory subject to | ||||
| .Va security.bsd.unprivileged_mlock | .Va security.bsd.unprivileged_mlock | ||||
| and resource limits. | and resource limits. | ||||
| .It Va allow.reserved_ports | .It Va allow.reserved_ports | ||||
| The jail root may bind to ports lower than 1024. | The jail root may bind to ports lower than 1024. | ||||
| .It Va allow.unprivileged_proc_debug | .It Va allow.unprivileged_proc_debug | ||||
| Unprivileged processes in the jail may use debugging facilities. | Unprivileged processes in the jail may use debugging facilities. | ||||
| .It Va allow.suser | |||||
| The value of the jail's | |||||
| .Va security.bsd.suser_enabled | |||||
| sysctl. | |||||
| The super-user will be disabled automatically if its parent system has it | |||||
| disabled. | |||||
| The super-user is enabled by default. | |||||
| .El | .El | ||||
| .El | .El | ||||
| .Pp | .Pp | ||||
| Kernel modules may add their own parameters, which only exist when the | Kernel modules may add their own parameters, which only exist when the | ||||
| module is loaded. | module is loaded. | ||||
| These are typically headed under a parameter named after the module, | These are typically headed under a parameter named after the module, | ||||
| with values of | with values of | ||||
| .Dq inherit | .Dq inherit | ||||
| ▲ Show 20 Lines • Show All 664 Lines • ▼ Show 20 Lines | |||||
| determines how may address per address family a jail may have. | determines how may address per address family a jail may have. | ||||
| The default is 255. | The default is 255. | ||||
| .Pp | .Pp | ||||
| Some MIB variables have per-jail settings. | Some MIB variables have per-jail settings. | ||||
| Changes to these variables by a jailed process do not affect the host | Changes to these variables by a jailed process do not affect the host | ||||
| environment, only the jail environment. | environment, only the jail environment. | ||||
| These variables are | These variables are | ||||
| .Va kern.securelevel , | .Va kern.securelevel , | ||||
| .Va security.bsd.suser_enabled , | |||||
| .Va kern.hostname , | .Va kern.hostname , | ||||
| .Va kern.domainname , | .Va kern.domainname , | ||||
| .Va kern.hostid , | .Va kern.hostid , | ||||
| and | and | ||||
| .Va kern.hostuuid . | .Va kern.hostuuid . | ||||
| .Ss "Hierarchical Jails" | .Ss "Hierarchical Jails" | ||||
| By setting a jail's | By setting a jail's | ||||
| .Va children.max | .Va children.max | ||||
| ▲ Show 20 Lines • Show All 142 Lines • Show Last 20 Lines | |||||