head/usr.sbin/jail/jail.8
Show All 19 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd May 14, 2020 | .Dd November 18, 2020 | ||||
.Dt JAIL 8 | .Dt JAIL 8 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm jail | .Nm jail | ||||
.Nd "manage system jails" | .Nd "manage system jails" | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.Nm | .Nm | ||||
.Op Fl dhilqv | .Op Fl dhilqv | ||||
▲ Show 20 Lines • Show All 545 Lines • ▼ Show 20 Lines | |||||
.Xr munlock 2 | .Xr munlock 2 | ||||
memory subject to | memory subject to | ||||
.Va security.bsd.unprivileged_mlock | .Va security.bsd.unprivileged_mlock | ||||
and resource limits. | and resource limits. | ||||
.It Va allow.reserved_ports | .It Va allow.reserved_ports | ||||
The jail root may bind to ports lower than 1024. | The jail root may bind to ports lower than 1024. | ||||
.It Va allow.unprivileged_proc_debug | .It Va allow.unprivileged_proc_debug | ||||
Unprivileged processes in the jail may use debugging facilities. | Unprivileged processes in the jail may use debugging facilities. | ||||
.It Va allow.suser | |||||
The value of the jail's | |||||
.Va security.bsd.suser_enabled | |||||
sysctl. | |||||
The super-user will be disabled automatically if its parent system has it | |||||
disabled. | |||||
The super-user is enabled by default. | |||||
.El | .El | ||||
.El | .El | ||||
.Pp | .Pp | ||||
Kernel modules may add their own parameters, which only exist when the | Kernel modules may add their own parameters, which only exist when the | ||||
module is loaded. | module is loaded. | ||||
These are typically headed under a parameter named after the module, | These are typically headed under a parameter named after the module, | ||||
with values of | with values of | ||||
.Dq inherit | .Dq inherit | ||||
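Review bot: The allow.suser entry defines the parameter only as "the value of the jail's security.bsd.suser_enabled sysctl", so a reader who does not already know that sysctl cannot tell what disabling it takes away from the jail's root. The neighbouring entries (allow.reserved_ports, allow.unprivileged_proc_debug) state the permission directly, and this one should do the same. In "if its parent system has it disabled", the antecedent of "its" reads as the super-user rather than the jail. Wording along the lines of "if the parent jail or the host has it disabled" would be clearer. The entry should also say whether a jail can re-enable the super-user once it has been disabled.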
▲ Show 20 Lines • Show All 664 Lines • ▼ Show 20 Lines | |||||
determines how may address per address family a jail may have. | determines how may address per address family a jail may have. | ||||
The default is 255. | The default is 255. | ||||
.Pp | .Pp | ||||
Some MIB variables have per-jail settings. | Some MIB variables have per-jail settings. | ||||
Changes to these variables by a jailed process do not affect the host | Changes to these variables by a jailed process do not affect the host | ||||
environment, only the jail environment. | environment, only the jail environment. | ||||
These variables are | These variables are | ||||
.Va kern.securelevel , | .Va kern.securelevel , | ||||
.Va security.bsd.suser_enabled , | |||||
.Va kern.hostname , | .Va kern.hostname , | ||||
.Va kern.domainname , | .Va kern.domainname , | ||||
.Va kern.hostid , | .Va kern.hostid , | ||||
and | and | ||||
.Va kern.hostuuid . | .Va kern.hostuuid . | ||||
.Ss "Hierarchical Jails" | .Ss "Hierarchical Jails" | ||||
By setting a jail's | By setting a jail's | ||||
.Va children.max | .Va children.max | ||||
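Review bot: Listing security.bsd.suser_enabled under "Changes to these variables by a jailed process do not affect the host environment, only the jail environment" omits the constraint given in the allow.suser entry, that the super-user is disabled automatically when the parent has it disabled. Suggest a cross-reference to allow.suser at this point, or one sentence noting that this variable is also bounded by the parent's setting, so the two passages cannot be read as disagreeing. Style: the new line is placed between kern.securelevel and kern.hostname and splits the run of kern.* names; putting it at the start or end of the list would keep them together. The context line above, "determines how may address per address family", also has a typo ("how many addresses") that could be fixed in the same change.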
▲ Show 20 Lines • Show All 142 Lines • Show Last 20 Lines |