summaryrefslogtreecommitdiffstats
path: root/usr.sbin/jail
Commit message (Collapse)AuthorAgeFilesLines
* Mechanically kill hard sentence breaks.ru2004-07-021-2/+4
|
* Prepare jail(8) utility for new functionality which will limitpjd2004-06-271-4/+6
| | | | | | seeing status of mounted file system for jailed processes. Pass full path of jail's root directory to the kernel. mount(8) utility is doing the same thing already.
* Markup nits.ru2004-06-051-7/+11
|
* Sentences should not start with conjunctions. Change "Because"csjp2004-06-011-2/+2
| | | | | | to "Since". Pointed out by: Ceri
* Add a warning note to security.jail.allow_raw_socketscsjp2004-06-011-1/+4
| | | | | | | | | | | | | | | about the risks of enabling raw sockets in prisons. Because raw sockets can be used to configure and interact with various network subsystems, extra caution should be used where privileged access to jails is given out to untrusted parties. As such, by default this option is disabled. A few others and I are currently auditing the kernel source code to ensure that the use of raw sockets by privledged prison users is safe. Approved by: bmilekic (mentor)
* o Implement -U flag: run command as user which exists only in jail.maxim2004-05-292-19/+40
| | | | | | | | | o getpwnam(3) returns NULL and does not set errno when the user does not exist. Bail out with "no such user" instead of "Unknown error: 0". PR: bin/67262 Submitted by: demon (-U flag) MFC after: 3 weeks
* Typos and nits.dannyboy2004-05-201-19/+19
|
* Document security.jail.getfsstatroot_only sysctl.pjd2004-05-201-0/+14
| | | | | Obtained from: rwatson's commit log Approved by: rwatson
* mdoc(7) cleanup for the last commit to this file.simon2004-05-041-3/+10
| | | | OK'ed by: bmilekic
* Ammend jail(8) man page to explain new sysctl for raw-socketsbmilekic2004-05-031-0/+7
| | | | | | inside jails, Christian's last submission. Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
* Correct typo.le2004-02-061-1/+1
|
* A variety of content cleanups:rwatson2003-11-201-22/+70
| | | | | | | | | | | | | | | | | | | | | | | (1) Document the notion of using jail(8) to run "virtual servers" or just to constrain specific applications. If only running specific applications, some configuration steps are unnecessary (such as editing rc.conf). (2) Add some more subsection headers to break up the bigger chunks of text. (3) Clarify the problems associated with applications binding all IP addresses in the host, and attempt to be more specific about potential application problems. Document how to force sshd to bind the the right socket. (4) Suggest that in a jailed application scenario, you might want to have the host syslogd listen on the socket in the jail, rather than running syslogd in the jail. (5) Catch another reference to /stand/sysinstall. Approved by: re (bmah implicitly)
* No need to copy sysinstall into a jail with -CURRENT, since inrwatson2003-11-201-10/+2
| | | | | | -CURRENT, we have /usr/sbin/sysinstall. Approved by: re (bmah implicitly)
* - Add a note that there are two MIB variables that have per-jailkensmith2003-11-111-0/+8
| | | | | | | settings. Reviewed by: rwatson Approved by: blackend (mentor)
* add FBSDIDcharnier2003-07-061-3/+3
|
* When pointing users at mount_devfs to populate the /dev of a jail,rwatson2003-06-261-0/+10
| | | | | | | tell them that they also need to use devfs rules to prevent inappropriate devices from appearing in the jail; add an Xref. In earlier versions of this man page, the user was instructed to use sh MAKEDEV jail, which only created a minimal set of device nodes.
* Force output of jail ID (if necessary) before excuting the command,mike2003-04-211-1/+3
| | | | | otherwise redirection of stdout to a file using block buffering will not complete in time.
* o Add jls(8) for listing active jails.mike2003-04-092-20/+35
| | | | | | | o Add jexec(8) to execute a command in an existing jail. o Add -j option for killall(1) to kill all processes in a specified jail. o Add -i option to jail(8) to output jail ID of newly created jail.
* Free login_cap(3) resources after usage.maxim2003-04-071-0/+1
| | | | Submitted by: demon
* o Fix error messages formatting, style.maxim2003-04-021-29/+22
| | | | | Prodded by: bde Reviewed by: bde
* o Add -u <username> flag to jail(8): set user context before exec.maxim2003-03-273-12/+84
| | | | | | | PR: bin/44320 Submitted by: Mike Matsnev <mike@po.cs.msu.su> Reviewed by: -current MFC after: 6 weeks
* portmap_enable -> rpcbind_enable.maxim2003-03-181-2/+2
| | | | Spotted by: Andrew Khlebutin <andreyh@perm.ru>
* Remove traces of MAKEDEV & add xref to mount_devfs(8).keramida2003-02-281-2/+2
| | | | | | | DEVFS is now mandatory in CURRENT. PR: docs/48095 Submitted by: Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
* Fix example, we do not need NO_MAKEDEV_RUN any more.phk2002-10-221-1/+1
| | | | XXX: this example should be updated with a good example of devfs(8) rules.
* The .Nm utilitycharnier2002-07-141-2/+2
|
* Fix IP address typo.dd2002-05-201-1/+1
| | | | | PR: 38313 Submitted by: Jeff Ito <jeffi@rcn.com>
* Usage style sweep: spell "usage" with a small 'u'.des2002-04-221-1/+1
| | | | | Also change one case of blatant __progname abuse (several more remain) This commit does not touch anything in src/{contrib,crypto,gnu}/.
* - Attempt to help declutter kern. sysctl by moving security out fromarr2002-01-161-6/+6
| | | | | | beneath it. Reviewed by: rwatson
* mdoc(7) police: ispell rev. 1.32.ru2002-01-101-1/+1
|
* mdoc(7) police: tidy up previous delta.ru2002-01-101-3/+9
|
* Add some wisdom to the jail setup instructions.phk2001-12-141-1/+11
|
* mdoc(7) police overhaul.ru2001-12-141-118/+155
|
* - Update the sysctl mibs in order to reflect the recent kern_jail.carr2001-12-121-9/+9
| | | | | | | changes. Approved by: rwatson Reviewed by: rwatson
* syslogd can now be configured to bind to a specific address.dd2001-09-031-5/+2
|
* This is not jail(2), or anything else suitable to be referenced with .Fn.dd2001-08-271-2/+2
|
* Perform a major cleanup of the usr.sbin Makefiles.obrien2001-07-201-2/+3
| | | | | These are not perfectly in agreement with each other style-wise, but they are orders of orders of magnitude more consistent style-wise than before.
* Remove whitespace at EOL.dd2001-07-151-2/+2
|
* mdoc(7) police: removed HISTORY info from the .Os call.ru2001-07-101-1/+1
|
* mdoc(7) police: sort xrefs.ru2001-07-051-1/+1
|
* Set WARNS=2 on programs that compile cleanly with it; add $FreeBSD$dd2001-06-301-0/+1
| | | | | | where necessary. Submitted by: Mike Barcroft <mike@q9media.com>
* Add missing includes and sort includes.dd2001-06-241-4/+8
|
* Include missing header files which define functions for which gcc hasdd2001-06-241-0/+2
| | | | builtints (e.g., exit, strcmp).
* Correct cross-reference:sobomax2001-06-071-2/+2
| | | | | | portmap.8 --> rpcbind.8 Submitted by: .Xr testing script
* Change NO_MAKEDEV to a finer granularity method:asmodai2001-03-291-1/+1
| | | | | | | | | NO_MAKEDEV_INSTALL and NO_MAKEDEV_RUN. The former implying the latter. The names imply what they do. The last commit by DES based on a PR defeated the original idea behind NO_MAKEDEV, which was not to run MAKEDEV, but to do the installation of MAKEDEV. This should satisfy both parties on the MAKEDEV challenge. Reflect this in the documentation.
* - Backout botched attempt to introduce MANSECT feature.ru2001-03-261-0/+1
| | | | - MAN[1-9] -> MAN.
* Set the default manual section for usr.sbin/ to 8.ru2001-03-201-1/+0
|
* o Replace part-wise instructions for building world for jail(8) withrwatson2001-03-111-5/+1
| | | | | | | | | | a simple make world; while this does a bit more work, it means that jail(8) doesn't have to be kept in sync with /usr/src/Makefile{,.inc1} which is a moving target. MFC candidate. Submitted by: FUJISHIMA Satsuki <sf@FreeBSD.org> Reviewed by: phk Also pointed out by: Phil Kernick <Phil@Kernick.org>
* mdoc(7) police: split punctuation characters + misc fixes.ru2001-02-011-3/+3
|
* mdoc(7) police: removed history info from the .Os FreeBSD call.ru2000-12-141-1/+1
|
* mdoc(7) police: use the new features of the Nm macro.ru2000-11-201-1/+1
|
OpenPOWER on IntegriCloud