author | jamie <jamie@FreeBSD.org> | 2016-04-25 17:06:50 +0000 |
---|---|---|
committer | jamie <jamie@FreeBSD.org> | 2016-04-25 17:06:50 +0000 |
commit | 3f9624c2d6fa37490ee239309298e17530ac9c19 (patch) | |
tree | 8b5f70412c6d097919a941e04072e13af8e43ca7 /usr.sbin | |
parent | fb98805f53b9db4a0cfc5b9c1097d72a85dc642a (diff) | |
Encapsulate SYSV IPC objects in jails. Define per-module parameters
sysvmsg, sysvsem, and sysvshm, with the following behavior:
inherit: allow full access to the IPC primitives. This is the same as
the current setup with allow.sysvipc on. Jails and the base system
can see (and modify) each other's objects, which is generally considered
a bad thing (though may be useful in some circumstances).
disable: allow no access, same as the current setup with allow.sysvipc off.
new: A jail may see and use the IPC objects that it has created. It also
gets its own IPC key namespace, so different jails may have their own
objects using the same key value. The parent jail (or base system) can
see the jail's IPC objects, but not its keys.
PR: 48471
Submitted by: based on work by kikuchan98@gmail.com
MFC after: 5 days
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/jail/jail.8 | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index f66889c..6dd8c7f 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -493,10 +493,14 @@ or .Xr sethostname 3 . .It Va allow.sysvipc A process within the jail has access to System V IPC primitives. -In the current jail implementation, System V primitives share a single -namespace across the host and jail environments, meaning that processes -within a jail would be able to communicate with (and potentially interfere -with) processes outside of the jail, and in other jails. +This is deprecated in favor of the per-module parameters (see below). +When this parameter is set, it is equivalent to setting +.Va sysvmsg , +.Va sysvsem , +and +.Va sysvshm +all to +.Dq inherit . .It Va allow.raw_sockets The jail root is allowed to create raw sockets. Setting this parameter allows utilities like @@ -634,6 +638,25 @@ will give the jail it's own environment (still originally inherited when the jail is created). .It Va linux.osname , linux.osrelease , linux.oss_version The Linux OS name, OS release, and OSS version associated with this jail. +.It Va sysvmsg +Allow access to SYSV IPC message primitives. +If set to +.Dq inherit , +all IPC objects on the system are visible to this jail, whether they +were created by the jail itself, the base system, or other jails. +If set to +.Dq new , +the jail will have its own key namespace, and can only see the objects +that it has created; +the system (or parent jail) has access to the jail's objects, but not to +its keys. +If set to +.Dq disable , +the jail cannot perform any sysvmsg-related system calls. +.It Va sysvsem, sysvmsg +Allow access to SYSV IPC semaphore and shared memory primitives, in the +same manner as +.Va sysvmsg. .El .Pp There are pseudo-parameters that are not passed to the kernel, but are |
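Review bot: In the allow.sysvipc entry (hunk at line 493), the replacement text drops the page's only statement that jailed processes can communicate with, and potentially interfere with, processes outside the jail and in other jails, and none of the added lines restates it. The new sysvmsg entry describes "inherit" only as making all IPC objects visible, so a reader who still sets the deprecated parameter no longer sees why it is risky. Consider keeping one sentence of that warning here or under "inherit", and saying which setting applies when allow.sysvipc is given together with one of sysvmsg, sysvsem or sysvshm.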
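Review bot: The last added item in the hunk at line 634, ".It Va sysvsem, sysvmsg", names sysvmsg a second time although its text covers semaphore and shared memory primitives, so sysvshm never appears as a documented item; it should read ".It Va sysvsem , sysvshm". The closing ".Va sysvmsg." also has the period attached to the argument, unlike ".Va sysvmsg ," in the first hunk, so the period will be rendered as part of the parameter name; write it as ".Va sysvmsg ." instead.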