diff options
author | jamie <jamie@FreeBSD.org> | 2009-07-25 14:48:57 +0000 |
---|---|---|
committer | jamie <jamie@FreeBSD.org> | 2009-07-25 14:48:57 +0000 |
commit | 274ea197bb2f446e42dd6f17d5046b348d26d82d (patch) | |
tree | e2f5557445f7151dc18cefe88f9b884b83f55993 /usr.sbin/jail/jail.8 | |
parent | 0888b985acf99a673549ca79a753e47d3e98fe9a (diff) | |
download | FreeBSD-src-274ea197bb2f446e42dd6f17d5046b348d26d82d.zip FreeBSD-src-274ea197bb2f446e42dd6f17d5046b348d26d82d.tar.gz |
Some jail parameters (in particular, "ip4" and "ip6" for IP address
restrictions) were found to be inadequately described by a boolean.
Define a new parameter type with three values (disable, new, inherit)
to handle these and future cases.
Approved by: re (kib), bz (mentor)
Discussed with: rwatson
Diffstat (limited to 'usr.sbin/jail/jail.8')
-rw-r--r-- | usr.sbin/jail/jail.8 | 40 |
1 files changed, 29 insertions, 11 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 7189001..f3340bd 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -34,7 +34,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 8, 2009 +.Dd July 25, 2009 .Dt JAIL 8 .Os .Sh NAME @@ -252,14 +252,26 @@ match. It is only possible to start multiple jails with the same IP address, if none of the jails has more than this single overlapping IP address assigned to itself. -.Pp -A list of zero elements (an empty string) will stop the jail from using IPv4 -entirely; setting the boolean parameter -.Ar noip4 -will not restrict the jail at all. -.It Va ip6.addr +.It Va ip4 +Control the availablity of IPv4 addresses. +Possible values are +.Dq inherit +to allow unrestricted access to all system addresses, +.Dq new +to restrict addresses via +.Va ip4.addr +above, and +.Dq disable +to stop the jail from using IPv4 entirely. +Setting the +.Va ip4.addr +parameter implies a value of +.Dq new . +.It Va ip6.addr , Va ip6 A list of IPv6 addresses assigned to the prison, the counterpart to -.Ar ip4.addr +.Va ip4.addr +and +.Va ip4 above. .It Va host.hostname Hostname of the prison. @@ -268,9 +280,15 @@ Other similar parameters are .Va host.hostuuid and .Va host.hostid . -Setting the boolean parameter -.Va nohost -will retain the system values of these settings. +.It Va host +Set the origin of hostname and related information. +Possible values are +.Dq inherit +to use the system information and +.Dq new +for the jail to use the information from the above fields. +Setting any of the above fields implies a value of +.Dq new . .It Va securelevel The value of the jail's .Va kern.securelevel |