Lines Matching +full:shutdown +full:- +full:user +full:- +full:flag

2 .\" SPDX-License-Identifier: BSD-2-Clause
5 .\" Copyright (c) 2008-2012 James Gritton
97 .Bl -tag -width indent
107 Exhibit a list of all configured non-wildcard jails and their parameters.
132 The jail is first removed and then re-created, as if
149 .Bl -tag -width indent
151 Clean up after an already-removed jail, running commands and operations
196 No removal-related parameters for this jail will be used \(em the jail will
206 The user name from host environment as whom jailed commands should run.
213 The user name from the jailed environment as whom jailed commands should run.
254 If hierarchical jails exist, a partial-matching wildcard definition may
291 comma-separated list, or with
296 List-based parameters may also be specified multiple times on the command
312 Then there are pseudo-parameters that are only used by
323 .Bl -tag -width indent
459 in the per-jail devfs.
488 When set to 2 (default), above syscalls can operate only on a mount-point
501 pseudo-parameter set.
503 The ID of the cpuset associated with this jail (read-only).
505 This is true if the jail is in the process of shutting down (read-only).
509 of the parent of this jail, or zero if this is a top-level jail
510 (read-only).
514 sysctl and uname -r.
518 and uname -K.
523 sysctl, which can only be adjusted by the non-jailed root user.
556 Some restrictions of the jail environment may be set on a per-jail
563 .Bl -tag -width indent
571 This is deprecated in favor of the per-module parameters (see below).
590 flag has been set on the socket.
602 system types marked as jail-friendly.
624 with non-jailed parts of the system.
629 MIB entry is zero, this will be restricted to the root user.
653 daemons are permitted to run inside a properly configured vnet-enabled jail.
704 The super-user will be disabled automatically if its parent system has it
706 The super-user is enabled by default.
723 Allow privileged process in the non-VNET jail to modify the system routing
733 to set the audit user ID for an authenticated session.
746 to encapsulate the jail in some module-specific way,
751 Module-specific parameters include:
752 .Bl -tag -width indent
763 fuse-based file systems.
818 .Xr zfs-jail 8
824 This flag is only available when the
851 the jail cannot perform any sysvmsg-related system calls.
866 There are pseudo-parameters that are not passed to the kernel, but are
882 .Bl -tag -width indent -offset indent
897 The pseudo-parameters are:
898 .Bl -tag -width indent
935 .Dq sh /etc/rc.shutdown jail .
948 .Ev USER .
953 .Ev USER
966 If a user is specified (as with
968 commands are run from that (possibly jailed) user's directory.
970 The user to run commands as, when running in the jail environment.
971 The default is to run the commands as the current user.
979 The user to run commands as, when running in the system environment.
980 The default is to run the commands as the current user.
1017 .Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask param ... .
1022 If a netmask in either dotted-quad or CIDR form is given
1031 .Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix param ... .
1033 A comma separated list of network interfaces to give to a vnet-enabled jail
1042 .Xr zfs-jail 8
1132 .Bd -literal -offset indent
1135 mkdir -p $D
1145 .Bd -literal -offset indent
1147 mkdir -p $D
1148 tar -xf /usr/freebsd-dist/base.txz -C $D --unlink
1182 .Dq jail-friendly .
1200 .Bd -literal -offset indent
1202 inetd_flags="-wW -a 192.0.2.23"
1214 flags entries; for others it is necessary to modify per-application
1246 Any third-party network software running
1268 .Bd -literal -offset indent
1269 jail -c path=/data/jail/testjail mount.devfs \\
1277 and do the post-install configuration to set various configuration options,
1282 .Bl -bullet -offset indent -compact
1303 You may also want to perform any package-specific configuration (web servers,
1319 .Bd -literal -offset indent
1327 	exec.stop = "/bin/sh /etc/rc.shutdown jail";
1334 .Pa /etc/rc.shutdown
1347 .Bd -literal -offset indent
1348 jail -c testjail
1359 flag appearing beside jailed processes.
1376 Normal machine shutdown commands, such as
1380 .Xr shutdown 8 ,
1384 .Bd -literal -offset indent
1385 kill -TERM -1
1386 kill -KILL -1
1401 .Pa /etc/rc.shutdown
1405 .Bd -literal -offset indent
1406 jail -r
1421 .Dq Li -
1427 flag for processes in a jail.
1432 .Dl "ps ax -o pid,jid,args"
1435 .Bd -literal -offset indent
1436 pgrep -lfj 3
1437 pkill -j 3
1441 .Dl "killall -j 3"
1448 jail-friendly, the jail's
1455 For example, a user in one jail can fill the file system,
1460 are not aware of jails but only look at the user and group IDs.
1461 This means the same user ID in two jails share a single file
1465 The read-only entry
1475 Some MIB variables have per-jail settings.
1492 Each jail has a read-only
1498 of 0 indicates the jail is a child of the current jail (or is a top-level
1519 Jail names reflect this hierarchy, with a full name being an MIB-type string
1577 .Xr shutdown 8 ,
1581 .Xr zfs-jail 8 ,
1593 .An -nosplit
1595 .An Poul-Henning Kamp
1605 added multi-IP jail support for IPv4 and IPv6 based on a patch
1615 address alias flag such that daemons listening on all IPs
1632 In addition, there are several ways in which an unprivileged user
1633 outside the jail can cooperate with a privileged user inside the jail