author | arr <arr@FreeBSD.org> | 2001-12-12 05:24:50 +0000 |
---|---|---|
committer | arr <arr@FreeBSD.org> | 2001-12-12 05:24:50 +0000 |
commit | a83ce1350e24d7c13308afd73d61f23b5fd27657 (patch) | |
tree | 114f885ca7859f2143ec821aed8f7c5a6377146e /usr.sbin/jail | |
parent | e55fee21435fa5fed51c6e48502d11c41759b634 (diff) | |
- Update the sysctl mibs in order to reflect the recent kern_jail.c
changes.
Approved by: rwatson
Reviewed by: rwatson
Diffstat (limited to 'usr.sbin/jail')
-rw-r--r-- | usr.sbin/jail/jail.8 | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 0406949..cfab772 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -193,10 +193,10 @@ virtual host interface, and then start the jail's script from within the jail. .Pp NOTE: If you plan to allow untrusted users to have root access inside the -jail, you may wish to consider setting the jail.set_hostname_allowed to -0. Please see the management reasons why this is a good idea. If you -do decide to set this variable, it must be set before starting any jails, -and once each boot. +jail, you may wish to consider setting the +kern.security.jail.set_hostname_allowed to 0. Please see the management +reasons why this is a good idea. If you do decide to set this variable, +it must be set before starting any jails, and once each boot. .Bd -literal -offset indent # ifconfig ed0 inet alias 192.168.11.100 netmask 255.255.255.255 # mount -t procfs proc /data/jail/192.168.11.100/proc @@ -263,13 +263,13 @@ default, modified from within the jail, so the .Pa /proc status entry is unreliable by default. To disable the setting of the hostname from within a jail, set the -.Dq Va jail.set_hostname_allowed +.Dq Va kern.security.jail.set_hostname_allowed sysctl variable in the host environment to 0, which will affect all jails. You can have this sysctl set each boot using .Xr sysctl.conf 5 . Just add the following line to sysctl.conf: .Bd -literal -offset indent -jail.set_hostname_allowed=0 +kern.security.jail.set_hostname_allowed=0 .Ed .Pp In a future version of @@ -284,7 +284,7 @@ MIB variables. Currently, these variables affect all jails on the system, although in the future this functionality may be finer grained. .Bl -tag -width XXX -.It jail.set_hostname_allowed +.It kern.security.jail.set_hostname_allowed This MIB entry determines whether or not processes within a jail are allowed to change their hostname via .Xr hostname 1 
@@ -296,7 +296,7 @@ information in .Pa /proc . As such, this should be disabled in environments where privileged access to jails is given out to untrusted parties. -.It jail.socket_unixiproute_only +.It kern.security.jail.socket_unixiproute_only The jail functionality binds an IPv4 address to each jail, and limits access to other network addresses in the IPv4 space that may be available in the host environment. @@ -312,7 +312,7 @@ permitting them access to UNIX domain sockets, IPv4 addresses, and routing sockets. To enable access to other domains, this MIB variable may be set to 0. -.It jail.sysvipc_allowed +.It kern.security.jail.sysvipc_allowed This MIB entry determines whether or not processes within a jail have access to System V IPC primitives. In the current jail implementation, System V primitives share a single |
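Review bot: In the first hunk (the NOTE paragraph at line 193), the rewrapped sentence still reads "setting the kern.security.jail.set_hostname_allowed to 0", with the MIB name as bare running text and a stray "the", while the second hunk marks the same name up as ".Dq Va kern.security.jail.set_hostname_allowed". Since these lines are being rewrapped anyway, put the name on its own ".Va" line and make "Please see the management reasons" point at the section that gives those reasons, so an administrator handing out root inside a jail can find why the hostname should be locked.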
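Review bot: In the second hunk (line 263, the sysctl.conf example), the page now tells readers to add "kern.security.jail.set_hostname_allowed=0" but nowhere says that the variable was previously called jail.set_hostname_allowed. If the old name is no longer accepted after the kern_jail.c change, a host that already has the old line in sysctl.conf stops applying it at boot, and the surrounding text says the hostname can be modified from within the jail by default. Add a sentence naming the old MIB, telling administrators to update sysctl.conf, and suggesting they confirm the value with sysctl after the next boot.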
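Review bot: In the last three hunks (the .It entries at lines 284, 296 and 312), the renamed tags are still bare text, for example ".It kern.security.jail.sysvipc_allowed", which is inconsistent with the ".Dq Va" markup used for the same variable earlier in the page. Consider ".It Va kern.security.jail.set_hostname_allowed" and likewise for the other two. The list also keeps ".Bl -tag -width XXX" although every tag is now much wider than that, so it is worth checking the rendered output of this list before committing.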