- Add a note about how jail(2) effects the securelevel.

Reviewed by: rwatson Approved by: blackend (mentor)
author: kensmith <kensmith@FreeBSD.org> 2003-11-11 18:21:20 +0000
committer: kensmith <kensmith@FreeBSD.org> 2003-11-11 18:21:20 +0000
commit: c0be2ff06ab2e1bfe1d3201baac97f9cf9778b18 (patch)
tree: ad89c2ab377857b1da4efd06cb18d20aef886b05 /lib/libc/sys
parent: bd8a6e05f87f30f90051d83d7f28de85e73a6239 (diff)
download: FreeBSD-src-c0be2ff06ab2e1bfe1d3201baac97f9cf9778b18.zip
FreeBSD-src-c0be2ff06ab2e1bfe1d3201baac97f9cf9778b18.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/libc/sys/jail.2 b/lib/libc/sys/jail.2
index 3e21627..27ad153 100644
--- a/lib/libc/sys/jail.2
+++ b/lib/libc/sys/jail.2
@@ -82,6 +82,12 @@ can be manipulated all the ways a root can normally do it, including
 .Dq Li "rm -rf /*"
 but new device special nodes cannot be created because they reference
 shared resources (the device drivers in the kernel).
+The effective
+.Dq securelevel
+for a process is the greater of the global
+.Dq securelevel
+or, if present, the per-jail
+.Dq securelevel .
 .Pp
 All IP activity will be forced to happen to/from the IP number specified,
 which should be an alias on one of the network interfaces.
author	kensmith <kensmith@FreeBSD.org>	2003-11-11 18:21:20 +0000
committer	kensmith <kensmith@FreeBSD.org>	2003-11-11 18:21:20 +0000
commit	c0be2ff06ab2e1bfe1d3201baac97f9cf9778b18 (patch)
tree	ad89c2ab377857b1da4efd06cb18d20aef886b05 /lib/libc/sys
parent	bd8a6e05f87f30f90051d83d7f28de85e73a6239 (diff)
download	FreeBSD-src-c0be2ff06ab2e1bfe1d3201baac97f9cf9778b18.zip FreeBSD-src-c0be2ff06ab2e1bfe1d3201baac97f9cf9778b18.tar.gz