summaryrefslogtreecommitdiffstats
path: root/lib/libc/sys/jail.2
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libc/sys/jail.2')
-rw-r--r--lib/libc/sys/jail.2142
1 files changed, 142 insertions, 0 deletions
diff --git a/lib/libc/sys/jail.2 b/lib/libc/sys/jail.2
new file mode 100644
index 0000000..5cba4bf
--- /dev/null
+++ b/lib/libc/sys/jail.2
@@ -0,0 +1,142 @@
+.\"
+.\" ----------------------------------------------------------------------------
+.\" "THE BEER-WARE LICENSE" (Revision 42):
+.\" <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
+.\" can do whatever you want with this stuff. If we meet some day, and you think
+.\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
+.\" ----------------------------------------------------------------------------
+.\"
+.\" $FreeBSD$
+.\"
+.Dd April 8, 2003
+.Dt JAIL 2
+.Os
+.Sh NAME
+.Nm jail , jail_attach
+.Nd imprison current process and future descendants
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/param.h
+.In sys/jail.h
+.Ft int
+.Fn jail "struct jail *jail"
+.Ft int
+.Fn jail_attach "int jid"
+.Sh DESCRIPTION
+The
+.Fn jail
+system call sets up a jail and locks the current process in it.
+.Pp
+The argument is a pointer to a structure describing the prison:
+.Bd -literal -offset indent
+struct jail {
+ u_int32_t version;
+ char *path;
+ char *hostname;
+ u_int32_t ip_number;
+};
+.Ed
+.Pp
+.Dq Li version
+defines the version of the API in use.
+It should be set to zero at this time.
+.Pp
+The
+.Dq Li path
+pointer should be set to the directory which is to be the root of the
+prison.
+.Pp
+The
+.Dq Li hostname
+pointer can be set to the hostname of the prison.
+This can be changed
+from the inside of the prison.
+.Pp
+The
+.Dq Li ip_number
+can be set to the IP number assigned to the prison.
+.Pp
+The
+.Fn jail_attach
+system call attaches the current process to an existing jail,
+identified by
+.Fa jid .
+.Sh RETURN VALUES
+If successful,
+.Fn jail
+returns a non-negative integer, termed the jail identifier (JID).
+It returns \-1 on failure, and sets
+.Va errno
+to indicate the error.
+.Pp
+.Rv -std jail_attach
+.Sh PRISON?
+Once a process has been put in a prison, it and its descendants cannot escape
+the prison.
+.Pp
+Inside the prison, the concept of
+.Dq superuser
+is very diluted.
+In general,
+it can be assumed that nothing can be mangled from inside a prison which
+does not exist entirely inside that prison.
+For instance the directory
+tree below
+.Dq Li path
+can be manipulated all the ways a root can normally do it, including
+.Dq Li "rm -rf /*"
+but new device special nodes cannot be created because they reference
+shared resources (the device drivers in the kernel).
+The effective
+.Dq securelevel
+for a process is the greater of the global
+.Dq securelevel
+or, if present, the per-jail
+.Dq securelevel .
+.Pp
+All IP activity will be forced to happen to/from the IP number specified,
+which should be an alias on one of the network interfaces.
+.Pp
+It is possible to identify a process as jailed by examining
+.Dq Li /proc/<pid>/status :
+it will show a field near the end of the line, either as
+a single hyphen for a process at large, or the hostname currently
+set for the prison for jailed processes.
+.Sh ERRORS
+The
+.Fn jail
+system call
+will fail if:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+The version number of the argument is not correct.
+.El
+.Pp
+Further
+.Fn jail
+calls
+.Xr chroot 2
+internally, so it can fail for all the same reasons.
+Please consult the
+.Xr chroot 2
+manual page for details.
+.Sh SEE ALSO
+.Xr chdir 2 ,
+.Xr chroot 2
+.Sh HISTORY
+The
+.Fn jail
+system call appeared in
+.Fx 4.0 .
+The
+.Fn jail_attach
+system call appeared in
+.Fx 5.1 .
+.Sh AUTHORS
+The jail feature was written by
+.An Poul-Henning Kamp
+for R&D Associates
+.Dq Li http://www.rndassociates.com/
+who contributed it to
+.Fx .
OpenPOWER on IntegriCloud