MFC r298584:

  Note the existence of module-specific jail paramters, starting with the
  linux.* parameters when linux emulation is loaded.

MFC r298585:

  Encapsulate SYSV IPC objects in jails.  Define per-module parameters
  sysvmsg, sysvsem, and sysvshm, with the following bahavior:

  inherit: allow full access to the IPC primitives.  This is the same as
  the current setup with allow.sysvipc is on.  Jails and the base system
  can see (and moduly) each other's objects, which is generally considered
  a bad thing (though may be useful in some circumstances).

  disable: all no access, same as the current setup with allow.sysvipc off.

  new: A jail may see use the IPC objects that it has created.  It also
  gets its own IPC key namespace, so different jails may have their own
  objects using the same key value.  The parent jail (or base system) can
  see the jail's IPC objects, but not its keys.

PR:		48471

1 files changed, 54 insertions, 5 deletions

diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 0831fcd..1200d34 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 6, 2015
+.Dd April 25, 2016
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -493,10 +493,14 @@ or
 .Xr sethostname 3 .
 .It Va allow.sysvipc
 A process within the jail has access to System V IPC primitives.
-In the current jail implementation, System V primitives share a single
-namespace across the host and jail environments, meaning that processes
-within a jail would be able to communicate with (and potentially interfere
-with) processes outside of the jail, and in other jails.
+This is deprecated in favor of the per-module parameters (see below).
+When this parameter is set, it is equivalent to setting
+.Va sysvmsg ,
+.Va sysvsem ,
+and
+.Va sysvshm
+all to
+.Dq inherit .
 .It Va allow.raw_sockets
 The jail root is allowed to create raw sockets.
 Setting this parameter allows utilities like
@@ -610,6 +614,51 @@ have not had jail functionality added to them.
 .El
 .El
 .Pp
+Kernel modules may add their own parameters, which only exist when the
+module is loaded.
+These are typically headed under a parameter named after the module,
+with values of
+.Dq inherit
+to give the jail full use of the module,
+.Dq new
+to encapsulate the jail in some module-specific way,
+and
+.Dq disable
+to make the module unavailable to the jail.
+There also may be other parameters to define jail behavior within the module.
+Module-specific parameters include:
+.Bl -tag -width indent
+.It Va linux
+Determine how a jail's Linux emulation environment appears.
+A value of
+.Dq inherit
+will keep the same environment, and
+.Dq new
+will give the jail it's own environment (still originally inherited when
+the jail is created).
+.It Va linux.osname , linux.osrelease , linux.oss_version
+The Linux OS name, OS release, and OSS version associated with this jail.
+.It Va sysvmsg
+Allow access to SYSV IPC message primitives.
+If set to
+.Dq inherit ,
+all IPC objects on the system are visible to this jail, whether they
+were created by the jail itself, the base system, or other jails.
+If set to
+.Dq new ,
+the jail will have its own key namespace, and can only see the objects
+that it has created;
+the system (or parent jail) has access to the jail's objects, but not to
+its keys.
+If set to
+.Dq disable ,
+the jail cannot perform any sysvmsg-related system calls.
+.It Va sysvsem, sysvmsg
+Allow access to SYSV IPC semaphore and shared memory primitives, in the
+same manner as
+.Va sysvmsg.
+.El
+.Pp
 There are pseudo-parameters that are not passed to the kernel, but are
 used by
 .Nm