| jail.8 (858b023a0733a6c8346d390be45b8469ceae054c) | jail.8 (344c81a16651a06b4a6732d662ab60a50fbe7434) |
|---|---|
| 1.\" Copyright (c) 2000, 2003 Robert N. M. Watson 2.\" Copyright (c) 2008-2012 James Gritton 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright --- 241 unchanged lines hidden (view full) --- 250prefix, e.g. 251.Va persist 252or 253.Va nopersist . 254They can also be given the values 255.Dq true 256and 257.Dq false . | 1.\" Copyright (c) 2000, 2003 Robert N. M. Watson 2.\" Copyright (c) 2008-2012 James Gritton 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright --- 241 unchanged lines hidden (view full) --- 250prefix, e.g. 251.Va persist 252or 253.Va nopersist . 254They can also be given the values 255.Dq true 256and 257.Dq false . |
| 258Other partameters may have more than one value, specified as a | 258Other parameters may have more than one value, specified as a |
| 259comma-separated list or with 260.Dq += 261in the configuration file (see 262.Xr jail.conf 5 263for details). 264.Pp 265The 266.Nm 267utility recognizes two classes of parameters. There are the true jail 268parameters that are passed to the kernel when the jail is created, 269can be seen with 270.Xr jls 8 , 271and can (usually) be changed with | 259comma-separated list or with 260.Dq += 261in the configuration file (see 262.Xr jail.conf 5 263for details). 264.Pp 265The 266.Nm 267utility recognizes two classes of parameters. There are the true jail 268parameters that are passed to the kernel when the jail is created, 269can be seen with 270.Xr jls 8 , 271and can (usually) be changed with |
| 272.Dq Nm Fl m. | 272.Dq Nm Fl m . |
| 273Then there are pseudo-parameters that are only used by 274.Nm 275itself. 276.Pp 277Jails have a set a core parameters, and kernel modules can add their own 278jail parameters. 279The current set of available parameters can be retrieved via 280.Dq Nm sysctl Fl d Va security.jail.param . --- 294 unchanged lines hidden (view full) --- 575when jails are created or removed. 576The 577.Va exec.* 578command parameters are 579.Xr sh 1 580command lines that are run in either the system or prison environment. 581They may be given multiple values, which run would the specified 582commands in sequence. | 273Then there are pseudo-parameters that are only used by 274.Nm 275itself. 276.Pp 277Jails have a set a core parameters, and kernel modules can add their own 278jail parameters. 279The current set of available parameters can be retrieved via 280.Dq Nm sysctl Fl d Va security.jail.param . --- 294 unchanged lines hidden (view full) --- 575when jails are created or removed. 576The 577.Va exec.* 578command parameters are 579.Xr sh 1 580command lines that are run in either the system or prison environment. 581They may be given multiple values, which run would the specified 582commands in sequence. |
| 583All commands must succed (return a zero exit status), or the jail will | 583All commands must succeed (return a zero exit status), or the jail will |
| 584not be created or removed. 585.Pp 586The pseudo-parameters are: 587.Bl -tag -width indent 588.It Va exec.prestart 589Command(s) to run in the system environment before a prison is created. 590.It Va exec.start 591Command(s) to run in the prison environment when a jail is created. --- 60 unchanged lines hidden (view full) --- 652A file to direct command output (stdout and stderr) to. 653.It Va exec.fib 654The FIB (routing table) to set when running commands inside the prison. 655.It Va stop.timeout 656The maximum amount of time to wait for a prison's processes to exit 657after sending them a 658.Dv SIGTERM 659signal (which happens after the | 584not be created or removed. 585.Pp 586The pseudo-parameters are: 587.Bl -tag -width indent 588.It Va exec.prestart 589Command(s) to run in the system environment before a prison is created. 590.It Va exec.start 591Command(s) to run in the prison environment when a jail is created. --- 60 unchanged lines hidden (view full) --- 652A file to direct command output (stdout and stderr) to. 653.It Va exec.fib 654The FIB (routing table) to set when running commands inside the prison. 655.It Va stop.timeout 656The maximum amount of time to wait for a prison's processes to exit 657after sending them a 658.Dv SIGTERM 659signal (which happens after the |
| 660.Va exec.stop commands have completed). | 660.Va exec.stop 661commands have completed). |
| 661After this many seconds have passed, the prison will be removed, which 662will kill any remaining processes. 663If this is set to zero, no 664.Dv SIGTERM 665is sent and the prison is immediately removed. 666The default is 10 seconds. 667.It Va interface 668A network interface to add the prison's IP addresses --- 558 unchanged lines hidden --- | 662After this many seconds have passed, the prison will be removed, which 663will kill any remaining processes. 664If this is set to zero, no 665.Dv SIGTERM 666is sent and the prison is immediately removed. 667The default is 10 seconds. 668.It Va interface 669A network interface to add the prison's IP addresses --- 558 unchanged lines hidden --- |