#
298889 |
|
01-May-2016 |
jamie |
MFC r298888: typo
Submitted by: Jimmy Olgeni
|
#
298835 |
|
30-Apr-2016 |
jamie |
MFC r298584:
Note the existence of module-specific jail paramters, starting with the linux.* parameters when linux emulation is loaded.
MFC r298585:
Encapsulate SYSV IPC objects in jails. Define per-module parameters sysvmsg, sysvsem, and sysvshm, with the following bahavior:
inherit: allow full access to the IPC primitives. This is the same as the current setup with allow.sysvipc is on. Jails and the base system can see (and moduly) each other's objects, which is generally considered a bad thing (though may be useful in some circumstances).
disable: all no access, same as the current setup with allow.sysvipc off.
new: A jail may see use the IPC objects that it has created. It also gets its own IPC key namespace, so different jails may have their own objects using the same key value. The parent jail (or base system) can see the jail's IPC objects, but not its keys.
PR: 48471
|
#
295951 |
|
24-Feb-2016 |
araujo |
MFH: 285685 Add support to the jail framework to be able to mount linsysfs(5) and linprocfs(5).
PR: 207179 Requested by: thomas@gibfest.dk Reviewed by: jamie, bapt Approved by: re (gjb) Sponsored by: gandi.net Differential Revision: https://reviews.freebsd.org/D5390
|
#
286239 |
|
03-Aug-2015 |
dru |
MFC r285869. Fix transposed words in man page.
PR: 201752 Reviewed by: gjb
|
#
280632 |
|
25-Mar-2015 |
ian |
MFC r279361, r279395, r279396:
Allow the kern.osrelease and kern.osreldate sysctl values to be set in a jail's creation parameters. This allows the kernel version to be reliably spoofed within the jail whether examined directly with sysctl or indirectly with the uname -r and -K options.
Export the new osreldate and osrelease jail parms in jail_get(2).
Fix line wrap.
|
#
278484 |
|
09-Feb-2015 |
jamie |
MFC r278323:
Add mount.procfs jail parameter, so procfs can be mounted when a prison's root is in its fstab.
Also fix a typo while I'm at it.
PR: 197237 197066
|
#
277985 |
|
31-Jan-2015 |
jamie |
MFC r277855:
Add allow.mount.fdescfs jail flag.
PR: 192951 Submitted by: ruben@verweg.com
|
#
269970 |
|
14-Aug-2014 |
gavin |
Merge r266206 from head (by bjk):
Review pass through jail.8
Replace usage of "prison" with "jail", since that term has mostly dropped out of use. Note once at the beginning that the "prison" term is equivalent, but do not use it otherwise. [1]
Some grammar issues.
Some mdoc formatting fixes.
Consistently use \(em for em dashes, with spaces around it.
Avoid contractions.
Prefer ssh to telnet.
PR: 176832 [1]
|
#
269929 |
|
13-Aug-2014 |
gavin |
Merge r268488 from head:
Reword an awkward option description
PR: 191726 Submitted by: yaneurabeya gmail.com
|
#
269805 |
|
11-Aug-2014 |
smh |
MFC r269522
Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be used in jails e.g. ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"
r269340 will not be MFC'ed as mentioned due to the slim window and the amount of additional commits required to support it.
Sponsored by: Multiplay
|
#
256387 |
|
12-Oct-2013 |
hrs |
MFC 256385:
- Add mount.fdescfs parameter to jail(8). This is similar to mount.devfs but mounts fdescfs. The mount happens just after mount.devfs.
- rc.d/jail now displays whole error message from jail(8) when a jail fails to start.
Approved by: re (gjb)
|
#
286239 |
|
03-Aug-2015 |
dru |
MFC r285869. Fix transposed words in man page.
PR: 201752 Reviewed by: gjb
|
#
280632 |
|
25-Mar-2015 |
ian |
MFC r279361, r279395, r279396:
Allow the kern.osrelease and kern.osreldate sysctl values to be set in a jail's creation parameters. This allows the kernel version to be reliably spoofed within the jail whether examined directly with sysctl or indirectly with the uname -r and -K options.
Export the new osreldate and osrelease jail parms in jail_get(2).
Fix line wrap.
|
#
278484 |
|
09-Feb-2015 |
jamie |
MFC r278323:
Add mount.procfs jail parameter, so procfs can be mounted when a prison's root is in its fstab.
Also fix a typo while I'm at it.
PR: 197237 197066
|
#
277985 |
|
31-Jan-2015 |
jamie |
MFC r277855:
Add allow.mount.fdescfs jail flag.
PR: 192951 Submitted by: ruben@verweg.com
|
#
269970 |
|
14-Aug-2014 |
gavin |
Merge r266206 from head (by bjk):
Review pass through jail.8
Replace usage of "prison" with "jail", since that term has mostly dropped out of use. Note once at the beginning that the "prison" term is equivalent, but do not use it otherwise. [1]
Some grammar issues.
Some mdoc formatting fixes.
Consistently use \(em for em dashes, with spaces around it.
Avoid contractions.
Prefer ssh to telnet.
PR: 176832 [1]
|
#
269929 |
|
13-Aug-2014 |
gavin |
Merge r268488 from head:
Reword an awkward option description
PR: 191726 Submitted by: yaneurabeya gmail.com
|
#
269805 |
|
11-Aug-2014 |
smh |
MFC r269522
Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be used in jails e.g. ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"
r269340 will not be MFC'ed as mentioned due to the slim window and the amount of additional commits required to support it.
Sponsored by: Multiplay
|
#
256387 |
|
12-Oct-2013 |
hrs |
MFC 256385:
- Add mount.fdescfs parameter to jail(8). This is similar to mount.devfs but mounts fdescfs. The mount happens just after mount.devfs.
- rc.d/jail now displays whole error message from jail(8) when a jail fails to start.
Approved by: re (gjb)
|