#
1a720cbe |
|
15-May-2024 |
Alexander Ziaee <concussious@runbox.com> |
man filesystems: fix xrefs after move to section 4 Reviewed by: des, imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1077
|
#
d50685b3 |
|
16-Mar-2024 |
Jamie Gritton <jamie@FreeBSD.org> |
jail: add the -C flag to clean up after a partially removed jail Differential Revision: https://reviews.freebsd.org/D42670
|
#
e0dfe185 |
|
17-Jan-2024 |
Alexander Leidinger <netchild@FreeBSD.org> |
jail(8): add support for ZFS datasets Add zfs.dataset to jail(8) to add a list of ZFS datasets. Bump FreeBSD version for jail managers to switch to native dataset support. Datasets are attached to the jail after the jail creation and before the execution of any start command. Unlike current implementations in jail managers which attach datasets after the start command, this allows the zfs rc.d script to mount the datasets on start. Discussed with: jamie
|
#
ed31b3f4 |
|
29-Nov-2023 |
Jamie Gritton <jamie@FreeBSD.org> |
jail: Don't allow jail_set(2) to resurrect dying jails. Currently, a prison in "dying" state (removed but still holding resources) can be brought back to alive state via "jail -d", or the JAIL_DYING flag to jail_set(2). This seemed like a good idea at the time. Its main use was to improve support for specifying the jid when creating a jail, which also seemed like a good idea at the time. But resurrecting a jail that was partway through the process of shutting down is trouble waiting to happen. This patch deprecates that flag, leaving it as a no-op for creating jails (but still useful for looking at dying jails). It still allows creating a new jail with the same jid as a dying one, but will renumber the old one in that case. That's imperfect, but allows for current behavior. Reviewed by: bz Differential Revision: https://reviews.freebsd.org/D28150
|
#
edd28b85 |
|
01-Sep-2023 |
Dmitry Chagin <dchagin@FreeBSD.org> |
jail(8): Fix mandoc warnings Reviewed by: gbe Differential Revision: https://reviews.freebsd.org/D41680 MFC after: 1 week
|
#
cb48780d |
|
01-Sep-2023 |
Shawn Webb <shawn.webb@hardenedbsd.org> |
jail: Add the ability to access system-level filesystem extended attributes Prior to this commit privileged accounts in a jail could not access the filesystem extended attributes in the system namespace. To control access to the system namespace on a per-jail basis add a new configuration parameter allow.extattr which is off by default. Reported by: zirias Tested by: zirias Obtained from: HardenedBSD Reviewed by: kevans, jamie Differential revision: https://reviews.freebsd.org/D41643 MFC after: 1 week Relnotes: yes
|
#
db08e8ba |
|
31-Aug-2023 |
Jamie Gritton <jamie@FreeBSD.org> |
Re-remove $FreeBSD$ inadvertently put back into jail.8
|
#
dab7fc49 |
|
28-Aug-2023 |
Jamie Gritton <jamie@FreeBSD.org> |
jail: make jail(8) man page more readable and more correct The synopsis section of jail(8) is fine at showing everything that could be on the command line, but doesn't make much sense. Add some subsections for the different uses of the command. Also fix up the paragraph about command-line parameter specification, including removing some clearly erroneous information. Reviewed by: dvl MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D41606
|
#
fa9896e0 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: two-line nroff pattern Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
#
c0f94fee |
|
14-Mar-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
jail.8: Update the allow.nfsd section This patch updates the information for "allow.nfsd" and adds configuration information. This is a content change. Reviewed by: karels, markj, pauamma (manpages) MFC after: 3 months Differential Revision: https://reviews.freebsd.org/D39033
|
#
cfd6acbb |
|
11-Jul-2022 |
Elvin Aslanov <rwp.primary@gmail.com> |
jail: Correct jail_max_af_ips sysctl name The sysctl is named "security.jail.jail_max_af_ips" with the jail_ prefix in the final part. Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/605
|
#
d4b4f3b9 |
|
17-Dec-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
jail.8: Update the man page for allow.nfsd Commit bba7a2e89602 added "allow.nfsd" to optionally allow mountd/nfsd to be run inside a vnet prison when the kernel is built with "options VNET_NFSD". This patch updates the man page for this change. This is a content change. Reviewed by: jamie, bcr (manpages) MFC after: 4 months Differential Revision: https://reviews.freebsd.org/D37665
|
#
203be093 |
|
18-Jul-2022 |
Mateusz Piotrowski <0mp@FreeBSD.org> |
jail.8: Fix formatting of synopsis and some code examples MFC after: 3 days
|
#
4a3c598f |
|
27-Jun-2022 |
Fernando Apesteguía <fernape@FreeBSD.org> |
Bump .Dd for recently modified manual pages During the removal of named(8) references, some pages were modified but their .Dd were not updated accordingly. Reported by: lwhsu@ Fixes: 942e234d868d
|
#
942e234d |
|
22-Jun-2022 |
Fernando Apesteguía <fernape@FreeBSD.org> |
Remove references to named(8) named(8) hasn't been in base for some time. Remove all references to it in manual pages. Approved by: manpages (Pau Amma) Differential Revision: https://reviews.freebsd.org/D35586
|
#
8c1d956f |
|
04-Apr-2021 |
Jamie Gritton <jamie@FreeBSD.org> |
jail: fix jail(8) synopsis and usage message to match reality. Reported by: yuri PR: 254741 MFC after: 5 days
|
#
05e1e482 |
|
18-Nov-2020 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
jail: introduce per jail suser_enabled setting The suser_enable sysctl allows removing privileged rights from uid 0. This change introduces a per-jail setting which allows making root a normal user. Reviewed by: jamie Previous version reviewed by: kevans, emaste, markj, me_igalic.co Discussed with: pjd Differential Revision: https://reviews.freebsd.org/D27128
|
#
66005c45 |
|
14-May-2020 |
Ryan Moeller <freqlabs@FreeBSD.org> |
jail: Add exec.prepare and exec.release command hooks This change introduces new jail command hooks that run before and after any other actions. The exec.prepare hook can be used for example to invoke a script that checks if the jail's root exists, creating it if it does not. Since arbitrary variables in jail.conf can be passed to the command, it can be pretty useful for templating jails. An example use case for exec.release would be to remove the filesystem of an ephemeral jail. The names "prepare" and "release" are borrowed from the names of similar hooks in libvirt. Reviewed by: jamie, manpages, mmacy Approved by: mmacy (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D24829
|
#
4e49fbcd |
|
17-Apr-2020 |
Eugene Grosbein <eugen@FreeBSD.org> |
jail(8): improve manual and usage information with more clear description for "jail -e" mode to show that it does not take additional jail name argument. Reported by: David Marec <david.marec@davenulle.org> MFC after: 3 days
|
#
5fda0d60 |
|
03-Oct-2019 |
Andriy Gapon <avg@FreeBSD.org> |
add ability to set watchdog timeout for a shutdown This change allows to specify a watchdog(9) timeout for a system shutdown. The timeout is activated when the watchdogd daemon is stopped. The idea is to prevent any indefinite hang during late stages of the shutdown. The feature is implemented in rc.d/watchdogd, it builds upon watchdogd -x option. Note that the shutdown timeout is not activated when the watchdogd service is individually stopped by an operator. It is also not activated for the 'shutdown' to the single-user mode. In those cases it is assumed that the operator knows what they are doing and they have means to recover the system should it hang. Significant subchanges and implementation details: - the argument to rc.shutdown, completely unused before, is assigned to rc_shutdown variable that can be inspected by rc scripts - init(8) passes "single" or "reboot" as the argument, this is not changed - the argument is not mandatory and if it is not set then rc_shutdown is set to "unspecified" - however, the default jail management scripts and jail configuration examples have been updated to pass "jail" to rc.shutdown, just in case - the new timeout can be set via watchdogd_shutdown_timeout rc option - for consistency, the regular timeout can now be set via watchdogd_timeout rc option - watchdogd_shutdown_timeout and watchdogd_timeout override timeout specifications in watchdogd_flags - existing configurations, where the new rc options are not set, should keep working as before I am not particularly wed to any of the implementation specifics. I am open to changing or removing any of them as long as the provided functionality is the same (or very close) to the proposed one. For example, I think it can be implemented without using watchdogd -x, by means of watchdog(1) alone. In that case there would be a small window between stopping watchdogd and running watchdog, but I think that that is acceptable.
Reviewed by: bcr (man page changes) MFC after: 5 weeks Relnotes: yes Differential Revision: https://reviews.freebsd.org/D21221
|
#
ffda6790 |
|
18-May-2019 |
Brooks Davis <brooks@FreeBSD.org> |
Change ed(4), ep(4), and fxp(4) examples to em(4). ed(4) and ep(4) have been removed. fxp(4) remains popular in older systems, but isn't as future proof as em(4). Reviewed by: bz, jhb MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D20311
|
#
b3079544 |
|
27-Nov-2018 |
Jamie Gritton <jamie@FreeBSD.org> |
In hardened systems, where the security.bsd.unprivileged_proc_debug sysctl node is set, allow setting security.bsd.unprivileged_proc_debug per-jail. In part, this is needed to create jails in which the Address Sanitizer (ASAN) fully works as ASAN utilizes libkvm to inspect the virtual address space. Instead of having to allow unprivileged process debugging for the entire system, allow setting it on a per-jail basis. The sysctl node is still security.bsd.unprivileged_proc_debug and the jail(8) param is allow.unprivileged_proc_debug. The sysctl code is now a sysctl proc rather than a sysctl int. This allows us to determine setting the flag for the corresponding jail (or prison0). As part of the change, the dynamic allow.* API needed to be modified to take into account pr_allow flags which may now be disabled in prison0. This prevents conflicts with new pr_allow flags (like that of vmm(4)) that are added (and removed) dynamically. Also teach the jail creation KPI to allow differences for certain pr_allow flags between the parent and child jail. This can happen when unprivileged process debugging is disabled in the parent prison, but enabled in the child. Submitted by: Shawn Webb <lattera at gmail.com> Obtained from: HardenedBSD (45b3625edba0f73b3e3890b1ec3d0d1e95fd47e1, deba0b5078cef0faae43cbdafed3035b16587afc, ab21eeb3b4c72f2500987c96ff603ccf3b6e7de8) Relnotes: yes Sponsored by: HardenedBSD and G2, Inc Differential Revision: https://reviews.freebsd.org/D18319
|
#
1e1a4743 |
|
09-Nov-2018 |
Eugene Grosbein <eugen@FreeBSD.org> |
jail(8): introduce new command option -e to exhibit a list of configured non-wildcard jails with their parameters, no matter running or not. The option -e takes separator argument that is used to separate printed parameters. It will be used with following additions to system periodic scripts to differentiate parts of directory tree belonging jails as opposed to host's. MFC after: 1 month
|
#
4520f617 |
|
18-Oct-2018 |
Jamie Gritton <jamie@FreeBSD.org> |
Fix typos from r339409. Reported by: maxim Approved by: re (gjb)
|
#
b19d66fd |
|
17-Oct-2018 |
Jamie Gritton <jamie@FreeBSD.org> |
Add a new jail permission, allow.read_msgbuf. When true, jailed processes can see the dmesg buffer (this is the current behavior). When false (the new default), dmesg will be unavailable to jailed users, whether root or not. The security.bsd.unprivileged_read_msgbuf sysctl still works as before, controlling system-wide whether non-root users can see the buffer. PR: 211580 Submitted by: bz Approved by: re@ (kib@) MFC after: 3 days
|
#
951de554 |
|
20-Aug-2018 |
Bjoern Heidotting <bhd@FreeBSD.org> |
In r324732 sysinstall was replaced by bsdinstall. However, for post-install configuration, bsdinstall is not of much use. Point the user to bsdconfig instead. Reviewed by: 0mp, bcr Approved by: 0mp, bcr Differential Revision: https://reviews.freebsd.org/D16751
|
#
f6c0e63b |
|
15-Aug-2018 |
Alexander Leidinger <netchild@FreeBSD.org> |
- Add exec hook "exec.created". This is called when the jail is created and before exec.start is called. [1] - Bump __FreeBSD_version. This allows to attach ZFS datasets and various other things to be done before any command/service/rc-script is started in the new jail. PR: 228066 [1] Reviewed by: jamie [1] Submitted by: Stefan Grönke <stefan@gronke.net> [1] Differential Revision: https://reviews.freebsd.org/D15330 [1]
|
#
be963bee |
|
31-Jul-2018 |
Marcelo Araujo <araujo@FreeBSD.org> |
- Add the ability to run bhyve(8) within a jail(8). This patch adds a new sysctl(8) knob "security.jail.vmm_allowed", by default this option is disabled. Submitted by: Shawn Webb <shawn.webb____hardenedbsd.org> Reviewed by: jamie@ and myself. Relnotes: Yes. Sponsored by: HardenedBSD and G2, Inc. Differential Revision: https://reviews.freebsd.org/D16057
|
#
ccd6ac9f |
|
28-Jul-2018 |
Antoine Brodin <antoine@FreeBSD.org> |
Add allow.mlock to jail parameters It allows locking or unlocking physical pages in memory within a jail. This allows running elasticsearch with "bootstrap.memory_lock" inside a jail. Reviewed by: jamie@ Differential Revision: https://reviews.freebsd.org/D16342
|
#
5717aa2d |
|
20-Jul-2018 |
Alan Somers <asomers@FreeBSD.org> |
Allow mounting FUSE filesystems in jails Reviewed by: jamie MFC after: 2 weeks Relnotes: yes Differential Revision: https://reviews.freebsd.org/D16371
|
#
0e5c6bd4 |
|
04-May-2018 |
Jamie Gritton <jamie@FreeBSD.org> |
Make it easier for filesystems to count themselves as jail-enabled, by doing most of the work in a new function prison_add_vfs in kern_jail.c Now a jail-enabled filesystem need only mark itself with VFCF_JAIL, and the rest is taken care of. This includes adding a jail parameter like allow.mount.foofs, and a sysctl like security.jail.mount_foofs_allowed. Both of these used to be a static list of known filesystems, with predefined permission bits. Reviewed by: kib Differential Revision: D14681
|
#
72130735 |
|
10-Nov-2017 |
Ed Maste <emaste@FreeBSD.org> |
Strip EOL whitespace in usr.sbin/{jail,jexec}
|
#
72cc0b3d |
|
18-Oct-2017 |
Benjamin Kaduk <bjk@FreeBSD.org> |
Adopt jail.8 to our brave new bsdinstall world Submitted by: Steve Kargl MFC after: 3 days
|
#
e28f9b7d |
|
05-Jun-2017 |
Allan Jude <allanjude@FreeBSD.org> |
Jails: Optionally prevent jailed root from binding to privileged ports You may now optionally specify allow.noreserved_ports to prevent root inside a jail from using privileged ports (less than 1024) PR: 217728 Submitted by: Matt Miller <mattm916@pulsar.neomailbox.ch> Reviewed by: jamie, cem, smh Relnotes: yes Differential Revision: https://reviews.freebsd.org/D10202
|
#
a8702c83 |
|
01-May-2016 |
Jamie Gritton <jamie@FreeBSD.org> |
typo Submitted by: Jimmy Olgeni
|
#
ab9604e1 |
|
30-Apr-2016 |
Jamie Gritton <jamie@FreeBSD.org> |
Clarify what happens when there is a "depend" parameter in jail.conf, and how this affects the "jail_list" option in rc.conf.
|
#
52a510ac |
|
25-Apr-2016 |
Jamie Gritton <jamie@FreeBSD.org> |
Encapsulate SYSV IPC objects in jails. Define per-module parameters sysvmsg, sysvsem, and sysvshm, with the following behavior: inherit: allow full access to the IPC primitives. This is the same as the current setup with allow.sysvipc is on. Jails and the base system can see (and modify) each other's objects, which is generally considered a bad thing (though may be useful in some circumstances). disable: all no access, same as the current setup with allow.sysvipc off. new: A jail may see use the IPC objects that it has created. It also gets its own IPC key namespace, so different jails may have their own objects using the same key value. The parent jail (or base system) can see the jail's IPC objects, but not its keys. PR: 48471 Submitted by: based on work by kikuchan98@gmail.com MFC after: 5 days
|
#
5d6cb09d |
|
25-Apr-2016 |
Jamie Gritton <jamie@FreeBSD.org> |
Note the existence of module-specific jail parameters, starting with the linux.* parameters when linux emulation is loaded. MFC after: 5 days
|
#
e94b881b |
|
10-Feb-2016 |
Jamie Gritton <jamie@FreeBSD.org> |
Remove man page references to rndassociates.com, which has been taken over by a domain squatter.
|
#
7ec72d48 |
|
25-Jul-2015 |
Dru Lavigne <dru@FreeBSD.org> |
Fix transposed words in man page. PR: 201752 Reviewed by: bcr MFC after: 3 days Sponsored by: Essen FreeBSD Hackathon
|
#
f19e47d6 |
|
19-Jul-2015 |
Marcelo Araujo <araujo@FreeBSD.org> |
Add support to the jail framework to be able to mount linsysfs(5) and linprocfs(5). Differential Revision: D2846 Submitted by: Nikolai Lifanov <lifanov@mail.lifanov.com> Reviewed by: jamie
|
#
95236448 |
|
24-Apr-2015 |
Joel Dahl <joel@FreeBSD.org> |
Fix minor mdoc issues.
|
#
946ea17f |
|
22-Mar-2015 |
Allan Jude <allanjude@FreeBSD.org> |
Fix typo in jail(8) man page PR: 198790 Differential Revision: https://reviews.freebsd.org/D2111 Submitted by: Jimmy Olgeni Approved by: wblock (mentor) Sponsored by: ScaleEngine Inc.
|
#
b96bd95b |
|
27-Feb-2015 |
Ian Lepore <ian@FreeBSD.org> |
Allow the kern.osrelease and kern.osreldate sysctl values to be set in a jail's creation parameters. This allows the kernel version to be reliably spoofed within the jail whether examined directly with sysctl or indirectly with the uname -r and -K options. The values can only be set at jail creation time, to eliminate the need for any locking when accessing the values via sysctl. The overridden values are inherited by nested jails (unless the config for the nested jails also overrides the values). There is no sanity or range checking, other than disallowing an empty release string or a zero release date, by design. The system administrator is trusted to set sane values. Setting values that are newer than the actual running kernel will likely cause compatibility problems. Differential Revision: https://reviews.freebsd.org/D1948 Relnotes: yes
|
#
07a7869f |
|
06-Feb-2015 |
Jamie Gritton <jamie@FreeBSD.org> |
Add mount.procfs jail parameter, so procfs can be mounted when a prison's root is in its fstab. Also fix a typo while I'm at it. PR: 197237 197066 MFC after: 3 days
|
#
464aad14 |
|
28-Jan-2015 |
Jamie Gritton <jamie@FreeBSD.org> |
Add allow.mount.fdescfs jail flag. PR: 192951 Submitted by: ruben@verweg.com MFC after: 3 days
|
#
914f6e62 |
|
26-Dec-2014 |
Joel Dahl <joel@FreeBSD.org> |
mdoc: sort SEE ALSO.
|
#
b22b6abd |
|
04-Aug-2014 |
Steven Hartland <smh@FreeBSD.org> |
Added support for extra ifconfig args to jail ip4.addr & ip6.addr params This allows for CARP interfaces to be used in jails e.g. ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100" Before this change using exec.prestart to configure a CARP address would result in the wrong MAC being broadcast on startup as jail creates IP aliases to support ip[4|6].addr before exec.prestart is executed. PR: 191832 Reviewed by: jamie MFC after: 1 week X-MFC-With: r269340 Phabric: D528 Sponsored by: Multiplay
|
#
6bfc8b01 |
|
11-Jul-2014 |
Gavin Atkinson <gavin@FreeBSD.org> |
The month's name shall not be abbreviated.
|
#
4b829b3e |
|
10-Jul-2014 |
Gavin Atkinson <gavin@FreeBSD.org> |
Reword an awkward option description PR: 191726 Reported by: yaneurabeya gmail.com MFC after: 3 days
|
#
aaf40f14 |
|
16-May-2014 |
Benjamin Kaduk <bjk@FreeBSD.org> |
Bump .Dd, missed in r266206 Approved by: hrs (mentor, implicit)
|
#
06e36338 |
|
15-May-2014 |
Benjamin Kaduk <bjk@FreeBSD.org> |
Review pass through jail.8 Replace usage of "prison" with "jail", since that term has mostly dropped out of use. Note once at the beginning that the "prison" term is equivalent, but do not use it otherwise. [1] Some grammar issues. Some mdoc formatting fixes. Consistently use \(em for em dashes, with spaces around it. Avoid contractions. Prefer ssh to telnet. PR: docs/176832 [1] Approved by: hrs (mentor)
|
#
994e8550 |
|
17-Mar-2014 |
Robert Watson <rwatson@FreeBSD.org> |
Line-wrapping tweak: make the sample jail command line fit in 80 characters. MFC after: 3 days
|
#
f15444cc |
|
31-Jan-2014 |
Jamie Gritton <jamie@FreeBSD.org> |
Back out r261266 pending security buy-in. r261266: Add a jail parameter, allow.kmem, which lets jailed processes access /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE). This in conjunction with changing the drm driver's permission check from PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server.
|
#
109ca2d5 |
|
29-Jan-2014 |
Jamie Gritton <jamie@FreeBSD.org> |
Add a jail parameter, allow.kmem, which lets jailed processes access /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE). This in conjunction with changing the drm driver's permission check from PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server. Submitted by: netchild MFC after: 1 week
|
#
fbd868c9 |
|
12-Oct-2013 |
Hiroki Sato <hrs@FreeBSD.org> |
- Add mount.fdescfs parameter to jail(8). This is similar to mount.devfs but mounts fdescfs. The mount happens just after mount.devfs. - rc.d/jail now displays whole error message from jail(8) when a jail fails to start. Approved by: re (gjb)
|
#
2454886e |
|
23-Aug-2013 |
Xin LI <delphij@FreeBSD.org> |
Allow tmpfs to be mounted inside jail.
|
#
6cbae38f |
|
16-Sep-2012 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Warn about filesystem-based attacks.
|
#
8972c8b6 |
|
03-Jun-2012 |
Joel Dahl <joel@FreeBSD.org> |
Minor spelling fixes.
|
#
344c81a1 |
|
23-May-2012 |
Warren Block <wblock@FreeBSD.org> |
Fixes to man8 groff mandoc style, usage mistakes, or typos. PR: 168016 Submitted by: Nobuyuki Koganemaru Approved by: gjb MFC after: 3 days
|
#
858b023a |
|
23-May-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
Note that the new jail(8) will be appearing in 9.1.
|
#
4228c8a2 |
|
12-May-2012 |
Joel Dahl <joel@FreeBSD.org> |
Remove end of line whitespace.
|
#
7f4211dd |
|
11-May-2012 |
Joel Dahl <joel@FreeBSD.org> |
Fix .Pp macro.
|
#
06531226 |
|
29-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Bump .Dd to reflect latest update Reported by: bz MFC after: 1 week
|
#
41c0675e |
|
28-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Add procfs to jail-mountable filesystems. Reviewed by: jamie MFC after: 1 week
|
#
638f3782 |
|
28-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
mdoc(7) style - start new sentences on new line MFC after: 1 week
|
#
0c4d49e9 |
|
27-Feb-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
Use the devfs_ruleset parameter when mounting a jail's /dev, instead of a mount.devfs.ruleset pseudo-parameter.
|
#
46571c7c |
|
27-Feb-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
From r224286: Document the potential for jail escape. From r224615: Always disable mount and unmount for jails with enforce_statfs==2. From r231267: A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for mounting devfs inside jails. A value of -1 disables mounting devfs in jails, a value of zero means no restrictions. Nested jails can only have mounting devfs disabled or inherit parent's enforcement as jails are not allowed to view or manipulate devfs(8) rules. From r232059: To improve control over the use of mount(8) inside a jail(8), introduce a new jail parameter node with the following parameters: allow.mount.devfs: allow mounting the devfs filesystem inside a jail allow.mount.nullfs: allow mounting the nullfs filesystem inside a jail From r232186: allow.mount.zfs: allow mounting the zfs filesystem inside a jail
|
#
e7af90ab |
|
26-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Analogous to r232059, add a parameter for the ZFS file system: allow.mount.zfs: allow mounting the zfs filesystem inside a jail This way the permissions for mounting all current VFCF_JAIL filesystems inside a jail are controlled via allow.mount.* jail parameters. Update sysctl descriptions. Update jail(8) and zfs(8) manpages. TODO: document the connection of allow.mount.* and VFCF_JAIL for kernel developers MFC after: 10 days
|
#
bf3db8aa |
|
23-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
To improve control over the use of mount(8) inside a jail(8), introduce a new jail parameter node with the following parameters: allow.mount.devfs: allow mounting the devfs filesystem inside a jail allow.mount.nullfs: allow mounting the nullfs filesystem inside a jail Both parameters are disabled by default (equals the behavior before devfs and nullfs in jails). Administrators have to explicitly allow mounting devfs and nullfs for each jail. The value "-1" of the devfs_ruleset parameter is removed in favor of the new allow setting. Reviewed by: jamie Suggested by: pjd MFC after: 2 weeks
|
#
0cc207a6 |
|
09-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Add support for mounting devfs inside jails. A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for mounting devfs inside jails. A value of -1 disables mounting devfs in jails, a value of zero means no restrictions. Nested jails can only have mounting devfs disabled or inherit parent's enforcement as jails are not allowed to view or manipulate devfs(8) rules. Utilizes new functions introduced in r231265. Reviewed by: jamie MFC after: 1 month
|
#
4334a36a |
|
31-Jan-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
Better communicate the purpose of "-r *".
|
#
435d4667 |
|
02-Aug-2011 |
Martin Matuska <mm@FreeBSD.org> |
Always disable mount and unmount for jails with enforce_statfs==2. A working statfs(2) is required for umount(8) in jail. Reviewed by: pjd, kib Approved by: re (kib) MFC after: 2 weeks
|
#
76e54f99 |
|
27-Jul-2011 |
Benedict Reuschling <bcr@FreeBSD.org> |
Revert my last change to this file, as BETA1 is not announced yet. Pointed out by: kib Pointy hat to: me Approved by: re (kib, implicit)
|
#
f49a230f |
|
28-Jul-2011 |
Benedict Reuschling <bcr@FreeBSD.org> |
Add a section to the jail chapter that explains why it is not recommended to allow root users in the jail to access the host system. PR: docs/156853 Submitted by: crees Patch by: crees Approved by: re (kib) for BETA1
|
#
1f897ce1 |
|
23-Jul-2011 |
Glen Barber <gjb@FreeBSD.org> |
Document the potential for jail escape. Submitted by: Vedad KAJTAZ (vedad % kajtaz net) PR: 142341 Reviewed by: bz, rwatson Rewording by: rwatson Approved by: re (kensmith) MFC after: 3 days
|
#
d8352076 |
|
17-Jun-2011 |
Jamie Gritton <jamie@FreeBSD.org> |
Update copyright dates and other whitespacey stuff.
|
#
0f3f5331 |
|
08-May-2011 |
Benedict Reuschling <bcr@FreeBSD.org> |
Revert r221655: Various people voiced their concerns about these changes. Until this is resolved, we should use the old version.
|
#
7dc2d689 |
|
07-May-2011 |
Benedict Reuschling <bcr@FreeBSD.org> |
Jails have a problem in that if the jail directory is world-readable, an attacker with root access to the jail can create a setuid binary for their own use in the host environment (if they also have this access), thus breaking root in the host. This exploit is impossible if the jail's files are not world-readable. Add instructions to the man page on how to create a jail with the correct permissions set. PR: docs/156853 Submitted by: Chris Rees (utisoft at gmail dot com) Reviewed by: cperciva (security parts) MFC after: 9 days
|
#
2671ee73 |
|
20-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Initial work on the new jail(8). There are more features to add, and some cleaning up to do on existing features, but this is pretty much what the final product will look like.
|
#
0d9deed5 |
|
07-Oct-2010 |
Ulrich Spörlein <uqs@FreeBSD.org> |
mdoc: drop redundant .Pp and .LP calls They have no effect when coming in pairs, or before .Bl/.Bd
|
#
743149d2 |
|
08-Aug-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Back out r210975, which changed documentation to match the now backed-out r210974.
|
#
10310d67 |
|
06-Aug-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Note that a jail without a command parameter will be persistent, instead of explicitly requiring one of "command" or "persist". MFC after: 3 days
|
#
d4352d29 |
|
01-Aug-2010 |
Joel Dahl <joel@FreeBSD.org> |
Spelling fixes.
|
#
0ed5d065 |
|
30-May-2010 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFC r199818: New style of jail(8) usage requires "-c" argument to create a jail. Approved by: re (hrs)
|
#
62486687 |
|
19-May-2010 |
Ulrich Spörlein <uqs@FreeBSD.org> |
mdoc: consistently spell our email addresses <foo@FreeBSD.org> Reviewed by: ru
|
#
35939b04 |
|
05-May-2010 |
Daniel Gerzo <danger@FreeBSD.org> |
- fix typo
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
90bb6389 |
|
03-Mar-2010 |
Xin LI <delphij@FreeBSD.org> |
Make 'make manlint' happy. No actual visible change.
|
#
3bcceea4 |
|
23-Jan-2010 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFC r202468: Add ip4.saddrsel/ip4.nosaddrsel (and equivalent for ip6) to control whether to use source address selection (default) or the primary jail address for unbound outgoing connections. This is intended to be used by people upgrading from single-IP jails to multi-IP jails but not having to change firewall rules, application ACLs, ... but to force their connections (unless otherwise changed) to the primary jail IP they had been used for years, as well as for people preferring to implement similar policies. Note that for IPv6, if configured incorrectly, this might lead to scope violations, which single-IPv6 jails could as well, as by the design of jails. [1] Reviewed by: jamie, hrs (ipv6 part) Pointed out by: hrs [1]
|
#
592bcae8 |
|
16-Jan-2010 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add ip4.saddrsel/ip4.nosaddrsel (and equivalent for ip6) to control whether to use source address selection (default) or the primary jail address for unbound outgoing connections. This is intended to be used by people upgrading from single-IP jails to multi-IP jails but not having to change firewall rules, application ACLs, ... but to force their connections (unless otherwise changed) to the primary jail IP they had been used for years, as well as for people preferring to implement similar policies. Note that for IPv6, if configured incorrectly, this might lead to scope violations, which single-IPv6 jails could as well, as by the design of jails. [1] Reviewed by: jamie, hrs (ipv6 part) Pointed out by: hrs [1] MFC After: 2 weeks Asked for by: Jase Thew (bazerka beardz.net)
|
#
ce8ad96a |
|
25-Nov-2009 |
Jun Kuriyama <kuriyama@FreeBSD.org> |
- New style of jail(8) usage requires "-c" argument to create a jail. Reviewed by: jamie
|
#
f36e7051 |
|
01-Nov-2009 |
Ed Schouten <ed@FreeBSD.org> |
MFC various commits back to stable/8: SVN r197174: Make sure we never place the cursor outside the screen. For some vague reason, it may be possible that scp->cursor_pos exceeds scp->ysize * scp->xsize. This means that teken_set_cursor() may get called with an invalid position. Just ignore the old cursor position in this case. Reported by: Paul B. Mahol <onemda gmail com> SVN r198213: Make lock devices work properly. It turned out I did add the code to use the init state devices to set the termios structure when opening the device, but it seems I totally forgot to add the bits required to force the actual locking of flags through the lock state devices. Reported by: ru SVN r198215, r198217: Fix a typo in the jail(8) manpage. Submitted by: Jille Timmermans <jille quis cx> SVN r198216: Fix quoting in a comment, to make it look more consistent Submitted by: Jille Timmermans <jille quis cx> SVN r198223: Properly set the low watermarks when reducing the baud rate. Now that buffers are deallocated lazily, we should not use tty*q_getsize() to obtain the buffer size to calculate the low watermarks. Doing this may cause the watermark to be placed outside the typical buffer size. This caused some regressions after my previous commit to the TTY code, which allows pseudo-devices to resize the buffers as well. Reported by: yongari, dougb
|
#
5fd658af |
|
18-Oct-2009 |
Ed Schouten <ed@FreeBSD.org> |
Don't forget to increment the man page date. Reported by: bz
|
#
f19fa944 |
|
18-Oct-2009 |
Ed Schouten <ed@FreeBSD.org> |
Fix a typo in the jail(8) manpage. Submitted by: Jille Timmermans <jille quis cx> MFC after: 1 week
|
#
7cbf7213 |
|
25-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Some jail parameters (in particular, "ip4" and "ip6" for IP address restrictions) were found to be inadequately described by a boolean. Define a new parameter type with three values (disable, new, inherit) to handle these and future cases. Approved by: re (kib), bz (mentor) Discussed with: rwatson
|
#
f9bc4dcb |
|
08-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Fix a typo in the examples. Approved by: re (kib), bz (mentor)
|
#
b97457e2 |
|
23-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Add a limit for child jails via the "children.cur" and "children.max" parameters. This replaces the simple "allow.jails" permission. Approved by: bz (mentor)
|
#
0fe7ed00 |
|
07-Jun-2009 |
Joseph Koshy <jkoshy@FreeBSD.org> |
Fix grammar. Submitted by: richardtoohey at paradise dot net dot nz on -doc
|
#
76ca6f88 |
|
29-May-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
|
#
88812d9e |
|
29-May-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Fix some inaccuracies in the extensible parameter addition. Approved by: bz (mentor)
|
#
73d0971b |
|
27-May-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Add support for the arbitrary named jail parameters used by jail_set(2) and jail_get(2). Jail(8) can now create jails using a "name=value" format instead of just specifying a limited set of fixed parameters; it can also modify parameters of existing jails. Jls(8) can display all parameters of jails, or a specified set of parameters. The available parameters are gathered from the kernel, and not hard-coded into these programs. Small patches on killall(1) and jexec(8) to support jail names with jail_get(2). Approved by: bz (mentor)
|
#
6e2dc053 |
|
24-Jan-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
New sentence starts on a new line. MFC after: 2 week
|
#
2737772d |
|
24-Jan-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Update the description of the '-h' option wrt to primary addresses per address family and add a reference to the ip-addresses option. MFC after: 1 week
|
#
12aec2f2 |
|
17-Jan-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
s,unmount 8,umount 8, it is unmount(2) which I did not mean. Submitted by: pluknet@gmail.com MFC after: 1 week
|
#
d65e5ff8 |
|
12-Jan-2009 |
Maxim Konovalov <maxim@FreeBSD.org> |
o Sort .Xr.
|
#
0bd0dfaa |
|
11-Jan-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add a short section talking about jails and file systems; mention the mount and jail-aware file systems as well as quota. PR: kern/68192 Reviewed by: simon MFC after: 2 weeks
|
#
413628a7 |
|
29-Nov-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFp4: Bring in updated jail support from bz_jail branch. This enhances the current jail implementation to permit multiple addresses per jail. In addition to IPv4, IPv6 is supported as well. Due to updated checks it is even possible to have jails without an IP address at all, which basically gives one a chroot with restricted process view, no networking,.. SCTP support was updated and supports IPv6 in jails as well. Cpuset support permits jails to be bound to specific processor sets after creation. Jails can have an unrestricted (no duplicate protection, etc.) name in addition to the hostname. The jail name cannot be changed from within a jail and is considered to be used for management purposes or as audit-token in the future. DDB 'show jails' command was added to aid debugging. Proper compat support permits 32bit jail binaries to be used on 64bit systems to manage jails. Also backward compatibility was preserved where possible: for jail v1 syscalls, as well as with user space management utilities. Both jail as well as prison version were updated for the new features. A gap was intentionally left as the intermediate versions had been used by various patches floating around the last years. Bump __FreeBSD_version for the aforementioned and in kernel changes. Special thanks to: - Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches and Olivier Houchard (cognet) for initial single-IPv6 patches. - Jeff Roberson (jeff) and Randall Stewart (rrs) for their help, ideas and review on cpuset and SCTP support. - Robert Watson (rwatson) for lots and lots of help, discussions, suggestions and review of most of the patch at various stages. - John Baldwin (jhb) for his help. - Simon L. Nielsen (simon) as early adopter testing changes on cluster machines as well as all the testers and people who provided feedback the last months on freebsd-jail and other channels. - My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above) MFC after: 3 months (this is just so that I get the mail) X-MFC Before: 7.2-RELEASE if possible
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
4e9f3417 |
|
05-Apr-2007 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Bump date.
|
#
f3a8d2f9 |
|
05-Apr-2007 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Add security.jail.mount_allowed sysctl, which allows to mount and unmount jail-friendly file systems from within a jail. Precisely it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user. It is turned off by default. A jail-friendly file system is a file system whose driver registers itself with VFCF_JAIL flag via VFS_SET(9) API. The lsvfs(1) command can be used to see which file systems are jail-friendly ones. There are currently no jail-friendly file systems, ZFS will be the first one. In the future we may consider marking file systems like nullfs as jail-friendly. Reviewed by: rwatson
|
#
91f9dc84 |
|
21-Nov-2006 |
Craig Rodrigues <rodrigc@FreeBSD.org> |
Change mount_devfs reference to "mount -t devfs". Reminded by: ru
|
#
bc84aa4b |
|
29-Sep-2006 |
Ruslan Ermilov <ru@FreeBSD.org> |
Markup fixes.
|
#
f855cc4f |
|
10-Jun-2006 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Use IP addresses out of "TEST-NET" (for use in documentation and example code) [RFC3330]. Reviewed by: simon
|
#
0f9fc191 |
|
28-May-2006 |
Simon L. B. Nielsen <simon@FreeBSD.org> |
Revert 1.73, since mounting devfs without a devfs ruleset inside a jail is a very bad idea security wise. Approved by: trhodes (jcamou mentor) No response: jcamou
|
#
fdf1353c |
|
28-May-2006 |
Matteo Riondato <matteo@FreeBSD.org> |
Mention ruleset #4 (devfsrules_jail) in jail's man page. MFC after: 3
|
#
7deb00cc |
|
11-May-2006 |
Matteo Riondato <matteo@FreeBSD.org> |
Add the -s option to set jail's securelevel. This is useful for jails run with non-root privileges. PR: bin/80242 MFC after: 2 weeks
|
#
feefdb0c |
|
10-May-2006 |
Matteo Riondato <matteo@FreeBSD.org> |
Use .Vt for struct xprison Suggested by: keramida
|
#
f7bb7136 |
|
08-May-2006 |
Matteo Riondato <matteo@FreeBSD.org> |
document security.jail.list sysctl in jail(8) PR: docs/96807 MFC after: 3
|
#
17d10fcc |
|
03-May-2006 |
Maxim Konovalov <maxim@FreeBSD.org> |
o Document security.jail.jailed sysctl. PR: docs/94711 Submitted by: Andreas Kohn MFC after: 2 weeks
|
#
888a664b |
|
16-Mar-2006 |
Jesus R. Camou <jcamou@FreeBSD.org> |
Do `mount_devfs' when starting a jail. PR: docs/86044 Noticed by: Dan Langille <dan@langille.org> Reviewed by: Jose Biskofski <jbiskofski@grmims.com> Approved by: trhodes (mentor)
|
#
cdafc851 |
|
03-Dec-2005 |
Philip Paeps <philip@FreeBSD.org> |
Add [-J jid_file] option to write out a JidFile, similar to a PidFile, containing the jailid, path, hostname, ip and the command used to start the jail. PR: misc/89883 Submitted by: L. Jason Godsey <lannygodsey -at- yahoo.com> Reviewed by: phk MFC after: 1 week
|
#
fd891a57 |
|
26-Oct-2005 |
Giorgos Keramidas <keramida@FreeBSD.org> |
Note that the jail setup example is meant to be fed to sh(1), not csh(1). PR: docs/87351 Submitted by: "Eli K. Breen" <bsd@unixforge.net> Approved by: simon, brooks MFC after: 3 days
|
#
23fe4fa2 |
|
07-Aug-2005 |
Christian Brueffer <brueffer@FreeBSD.org> |
Add some more info about jail startup and shutdown. Submitted by: Jeremie Le Hen <jeremie@le-hen.org> MFC after: 3 days
|
#
11af798c |
|
25-Jul-2005 |
Tilman Keskinoz <arved@FreeBSD.org> |
Move DNS configuration before sendmail configuration, because newaliases(1) may hang without proper DNS configuration. Approved by: brueffer
|
#
c8158501 |
|
19-Jul-2005 |
Jesus R. Camou <jcamou@FreeBSD.org> |
Mention that it is possible to have jails started at boot time if specified in /etc/rc.conf. PR: docs/81040 Submitted by: matteo Approved by: trhodes (mentor) MFC after: 1 week
|
#
9d73fabd |
|
13-Jun-2005 |
Ruslan Ermilov <ru@FreeBSD.org> |
Markup fixes. Approved by: re (blanket)
|
#
98b60f9d |
|
09-Jun-2005 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Update manual page after sysctl rename. Corrected by: brueffer
|
#
2856a282 |
|
28-May-2005 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Document 'jid' keyword for ps(1) and '-j' option for pgrep(1)/pkill(1).
|
#
870739f5 |
|
14-May-2005 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Remove symbolic link kernel->dev/null creation. We don't need it in 5.x/6.x world (there is no /kernel file anymore). Reminded by: Isaac Levy presentation
|
#
214b17c2 |
|
30-Apr-2005 |
Joel Dahl <joel@FreeBSD.org> |
Fix spelling errors. Approved by: brueffer (mentor)
|
#
9bdd3e84 |
|
26-Feb-2005 |
Ruslan Ermilov <ru@FreeBSD.org> |
Added the convenience "distribution" target which calls the target of the same name from src/etc/Makefile with a proper environment, suitable to be used during upgrades and cross-builds.
|
#
79653046 |
|
08-Feb-2005 |
Colin Percival <cperciva@FreeBSD.org> |
Add a new sysctl, "security.jail.chflags_allowed", which controls the behaviour of chflags within a jail. If set to 0 (the default), then a jailed root user is treated as an unprivileged user; if set to 1, then a jailed root user is treated the same as an unjailed root user. This is necessary to allow "make installworld" to work inside a jail, since it attempts to manipulate the system immutable flag on certain files. Discussed with: csjp, rwatson MFC after: 2 weeks
|
#
ead5223f |
|
21-Jan-2005 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed punctuation in xrefs.
|
#
1a74e6a1 |
|
11-Jan-2005 |
Ruslan Ermilov <ru@FreeBSD.org> |
Scheduled mdoc(7) sweep.
|
#
5b242e8c |
|
15-Aug-2004 |
Maxim Konovalov <maxim@FreeBSD.org> |
o Add -l option to jail(8) similar to su(1): before running jail'ed program under specific user's credentials, clean the environment and set only a few variables. PR: bin/70024 Submitted by: demon MFC after: 1 month
|
#
07bfccd7 |
|
02-Jul-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Mechanically kill hard sentence breaks.
|
#
eba9a3d1 |
|
05-Jun-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Markup nits.
|
#
44f79297 |
|
01-Jun-2004 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Sentences should not start with conjunctions. Change "Because" to "Since". Pointed out by: Ceri
|
#
8bac4dbf |
|
31-May-2004 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Add a warning note to security.jail.allow_raw_sockets about the risks of enabling raw sockets in prisons. Because raw sockets can be used to configure and interact with various network subsystems, extra caution should be used where privileged access to jails is given out to untrusted parties. As such, by default this option is disabled. A few others and I are currently auditing the kernel source code to ensure that the use of raw sockets by privileged prison users is safe. Approved by: bmilekic (mentor)
|
#
927b4810 |
|
29-May-2004 |
Maxim Konovalov <maxim@FreeBSD.org> |
o Implement -U flag: run command as user which exists only in jail. o getpwnam(3) returns NULL and does not set errno when the user does not exist. Bail out with "no such user" instead of "Unknown error: 0". PR: bin/67262 Submitted by: demon (-U flag) MFC after: 3 weeks
|
#
3e580b38 |
|
20-May-2004 |
Daniel Harris <dannyboy@FreeBSD.org> |
Typos and nits.
|
#
147110cb |
|
19-May-2004 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Document security.jail.getfsstatroot_only sysctl. Obtained from: rwatson's commit log Approved by: rwatson
|
#
b2206719 |
|
04-May-2004 |
Simon L. B. Nielsen <simon@FreeBSD.org> |
mdoc(7) cleanup for the last commit to this file. OK'ed by: bmilekic
|
#
5fb5184a |
|
03-May-2004 |
Bosko Milekic <bmilekic@FreeBSD.org> |
Amend jail(8) man page to explain new sysctl for raw-sockets inside jails, Christian's last submission. Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
|
#
82d4902d |
|
06-Feb-2004 |
Lukas Ertl <le@FreeBSD.org> |
Correct typo.
|
#
a5ca5c1a |
|
19-Nov-2003 |
Robert Watson <rwatson@FreeBSD.org> |
A variety of content cleanups: (1) Document the notion of using jail(8) to run "virtual servers" or just to constrain specific applications. If only running specific applications, some configuration steps are unnecessary (such as editing rc.conf). (2) Add some more subsection headers to break up the bigger chunks of text. (3) Clarify the problems associated with applications binding all IP addresses in the host, and attempt to be more specific about potential application problems. Document how to force sshd to bind to the right socket. (4) Suggest that in a jailed application scenario, you might want to have the host syslogd listen on the socket in the jail, rather than running syslogd in the jail. (5) Catch another reference to /stand/sysinstall. Approved by: re (bmah implicitly)
|
#
9395ecb1 |
|
19-Nov-2003 |
Robert Watson <rwatson@FreeBSD.org> |
No need to copy sysinstall into a jail with -CURRENT, since in -CURRENT, we have /usr/sbin/sysinstall. Approved by: re (bmah implicitly)
|
#
d1b10a62 |
|
11-Nov-2003 |
Ken Smith <kensmith@FreeBSD.org> |
- Add a note that there are two MIB variables that have per-jail settings. Reviewed by: rwatson Approved by: blackend (mentor)
|
#
d82dae3e |
|
26-Jun-2003 |
Robert Watson <rwatson@FreeBSD.org> |
When pointing users at mount_devfs to populate the /dev of a jail, tell them that they also need to use devfs rules to prevent inappropriate devices from appearing in the jail; add an Xref. In earlier versions of this man page, the user was instructed to use sh MAKEDEV jail, which only created a minimal set of device nodes.
|
#
ebf5d9bc |
|
08-Apr-2003 |
Mike Barcroft <mike@FreeBSD.org> |
o Add jls(8) for listing active jails. o Add jexec(8) to execute a command in an existing jail. o Add -j option for killall(1) to kill all processes in a specified jail. o Add -i option to jail(8) to output jail ID of newly created jail.
|
#
d6131f4b |
|
26-Mar-2003 |
Maxim Konovalov <maxim@FreeBSD.org> |
o Add -u <username> flag to jail(8): set user context before exec. PR: bin/44320 Submitted by: Mike Matsnev <mike@po.cs.msu.su> Reviewed by: -current MFC after: 6 weeks
|
#
3b8a7d4f |
|
18-Mar-2003 |
Maxim Konovalov <maxim@FreeBSD.org> |
portmap_enable -> rpcbind_enable. Spotted by: Andrew Khlebutin <andreyh@perm.ru>
|
#
35adbc4d |
|
28-Feb-2003 |
Giorgos Keramidas <keramida@FreeBSD.org> |
Remove traces of MAKEDEV & add xref to mount_devfs(8). DEVFS is now mandatory in CURRENT. PR: docs/48095 Submitted by: Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
|
#
c0dc3446 |
|
22-Oct-2002 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Fix example, we do not need NO_MAKEDEV_RUN any more. XXX: this example should be updated with a good example of devfs(8) rules.
|
#
490d5836 |
|
14-Jul-2002 |
Philippe Charnier <charnier@FreeBSD.org> |
The .Nm utility
|
#
a0cfa939 |
|
20-May-2002 |
Dima Dorfman <dd@FreeBSD.org> |
Fix IP address typo. PR: 38313 Submitted by: Jeff Ito <jeffi@rcn.com>
|
#
d0615c64 |
|
15-Jan-2002 |
Andrew R. Reiter <arr@FreeBSD.org> |
- Attempt to help declutter kern. sysctl by moving security out from beneath it. Reviewed by: rwatson
|
#
fe9a332d |
|
10-Jan-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
mdoc(7) police: ispell rev. 1.32.
|
#
3551a1c5 |
|
10-Jan-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
mdoc(7) police: tidy up previous delta.
|
#
c579474c |
|
14-Dec-2001 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Add some wisdom to the jail setup instructions.
|
#
1a6ec3e8 |
|
14-Dec-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
mdoc(7) police overhaul.
|
#
94b3b598 |
|
11-Dec-2001 |
Andrew R. Reiter <arr@FreeBSD.org> |
- Update the sysctl mibs in order to reflect the recent kern_jail.c changes. Approved by: rwatson Reviewed by: rwatson
|
#
979d474a |
|
03-Sep-2001 |
Dima Dorfman <dd@FreeBSD.org> |
syslogd can now be configured to bind to a specific address.
|
#
4b526751 |
|
26-Aug-2001 |
Dima Dorfman <dd@FreeBSD.org> |
This is not jail(2), or anything else suitable to be referenced with .Fn.
|
#
f247324d |
|
15-Jul-2001 |
Dima Dorfman <dd@FreeBSD.org> |
Remove whitespace at EOL.
|
#
a4c37c81 |
|
10-Jul-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
mdoc(7) police: removed HISTORY info from the .Os call.
|
#
e287e9b1 |
|
05-Jul-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
mdoc(7) police: sort xrefs.
|
#
8657581b |
|
07-Jun-2001 |
Maxim Sobolev <sobomax@FreeBSD.org> |
Correct cross-reference: portmap.8 --> rpcbind.8 Submitted by: .Xr testing script
|
#
723f7e30 |
|
29-Mar-2001 |
Jeroen Ruigrok van der Werven <asmodai@FreeBSD.org> |
Change NO_MAKEDEV to a finer granularity method: NO_MAKEDEV_INSTALL and NO_MAKEDEV_RUN. The former implying the latter. The names imply what they do. The last commit by DES based on a PR defeated the original idea behind NO_MAKEDEV, which was not to run MAKEDEV, but to do the installation of MAKEDEV. This should satisfy both parties on the MAKEDEV challenge. Reflect this in the documentation.
|
#
9a67c2cd |
|
11-Mar-2001 |
Robert Watson <rwatson@FreeBSD.org> |
o Replace part-wise instructions for building world for jail(8) with a simple make world; while this does a bit more work, it means that jail(8) doesn't have to be kept in sync with /usr/src/Makefile{,.inc1} which is a moving target. MFC candidate. Submitted by: FUJISHIMA Satsuki <sf@FreeBSD.org> Reviewed by: phk Also pointed out by: Phil Kernick <Phil@Kernick.org>
|
#
610a5778 |
|
01-Feb-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
mdoc(7) police: split punctuation characters + misc fixes.
|
#
ed403116 |
|
14-Dec-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
mdoc(7) police: removed history info from the .Os FreeBSD call.
|
#
e97407b4 |
|
20-Nov-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
mdoc(7) police: use the new features of the Nm macro.
|
#
b5c508fb |
|
14-Nov-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Use Fx macro wherever possible.
|
#
12d1ad83 |
|
01-Nov-2000 |
Sheldon Hearn <sheldonh@FreeBSD.org> |
Whitespace only: Correct poor line-breaking introduced in rev 1.17, which was limited to correcting mark-up.
|
#
88a2f8f5 |
|
01-Nov-2000 |
Sheldon Hearn <sheldonh@FreeBSD.org> |
Correct mark-up used in rev 1.16, as discussed with its contributor: * Use a sub-section (Ss) instead of a section (Sh) for "Sysctl MIB Entries". * Use a tagged list (Bl, El and It) instead of sub-sections (Ss) for the actual MIB entries. * Mark paths up as such (Pa). * Mark defined values up as such (Dv).
|
#
98965ada |
|
30-Oct-2000 |
Robert Watson <rwatson@FreeBSD.org> |
o Document various sysctl's available for managing services available within jail()
|
#
00f1e962 |
|
08-Jul-2000 |
Daniel Harris <dannyboy@FreeBSD.org> |
Typo: "is unreliably by default" to "is unreliable by default". PR: 19411 Submitted by: Benno Rice <benno@netizen.com.au>
|
#
69bd852d |
|
23-Mar-2000 |
Mike Pritchard <mpp@FreeBSD.org> |
Some minor mdoc style and spelling fixes.
|
#
f2e366a1 |
|
01-Mar-2000 |
Sheldon Hearn <sheldonh@FreeBSD.org> |
Remove single-space hard sentence breaks. These degrade the quality of the typeset output, tend to make diffs harder to read and provide bad examples for new-comers to mdoc.
|
#
d98722bc |
|
19-Feb-2000 |
Robert Watson <rwatson@FreeBSD.org> |
- As jail(8) has been almost completely rewritten, prepend another copyright/BSD-style license, as an add-on to phk's beerware license. Please fedex some beer to phk. - Add a ``make depend'' line to the jail-building, which fixes openssl, among other things. Suggested by: kris - Add ``newaliases'' to the list of things to do when setting up a new jail, so that the jailed sendmail doesn't complain. - Correct references to ``kern.jail.set_hostname_allowed'' which now read ``jail.set_hostname_allowed''. - Add a reference to sysctl.conf where the sysctl can easily be set in a persistent way. - Add a list of cross references to the man page. - Fix a formatting nit or two.
|
#
c2edcb1a |
|
18-Feb-2000 |
Robert Watson <rwatson@FreeBSD.org> |
Fix up a few documentation nits in jail(8), as well as improve the instructions so as to reduce warnings during jail startup, etc. Add a somewhat bolder warning recommending the use of kern.jail.set_hostname to limit jail renaming.
|
#
09aa405f |
|
16-Feb-2000 |
Robert Watson <rwatson@FreeBSD.org> |
Modified jail.8 to correct a typo (inetd_flas vs. inetd_flags), and add a comment to the effect that I'm responsible for the additional documentation, et al, so that phk gets fewer messages about my errors.
|
#
05181f63 |
|
12-Feb-2000 |
Chris Costello <chris@FreeBSD.org> |
Add Robert Watson's much extended documentation including that of the kern.jail.set_hostname_allowed sysctl MIB. Submitted by: rwatson
|
#
34d226d7 |
|
08-Feb-2000 |
Robert Watson <rwatson@FreeBSD.org> |
Clean up the jail(8) documentation so that it suggests building a jail userland in a safer way. Using the NO_MAKEDEV argument in make distribution prevents the creation of a number of unsafe device nodes in the jailed /dev, including disk devices, and more. This depends on an earlier commit to /etc/Makefile to provide the NO_MAKEDEV support. Approved by: jkh
|
#
5e4614fe |
|
21-Dec-1999 |
Jeroen Ruigrok van der Werven <asmodai@FreeBSD.org> |
Properly manify this manpage.
|
#
ad1720d3 |
|
05-Dec-1999 |
Poul-Henning Kamp <phk@FreeBSD.org> |
A procfs mount is no longer needed for a jail.
|
#
97d92980 |
|
27-Aug-1999 |
Peter Wemm <peter@FreeBSD.org> |
$Id$ -> $FreeBSD$
|
#
df99b423 |
|
09-Jul-1999 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Add example of how to create a jail.
|
#
c020621f |
|
05-May-1999 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Various cosmetics. Submitted by: Rudolf Cejka <cejkar@dcse.fee.vutbr.cz> Reviewed by: phk
|
#
ce5c1cd1 |
|
04-May-1999 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Fix various bogons. Submitted by: Rudolf Cejka <cejkar@dcse.fee.vutbr.cz> Reviewed by: phk
|
#
75c13541 |
|
28-Apr-1999 |
Poul-Henning Kamp <phk@FreeBSD.org> |
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no provisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
|