Lines Matching +full:user +full:- +full:visible
2 .\" Copyright (c) 2008-2012 James Gritton
94 .Bl -tag -width indent
104 Exhibit a list of all configured non-wildcard jails and their parameters.
129 The jail is first removed and then re-created, as if
146 .Bl -tag -width indent
148 Clean up after an already-removed jail, running commands and operations
193 No removal-related parameters for this jail will be used \(em the jail will
203 The user name from host environment as whom jailed commands should run.
210 The user name from the jailed environment as whom jailed commands should run.
251 If hierarchical jails exist, a partial-matching wildcard definition may
288 comma-separated list, or with
293 List-based parameters may also be specified multiple times on the command
309 Then there are pseudo-parameters that are only used by
320 .Bl -tag -width indent
456 in the per-jail devfs.
482 visible.
485 When set to 2 (default), above syscalls can operate only on a mount-point
498 pseudo-parameter set.
500 The ID of the cpuset associated with this jail (read-only).
502 This is true if the jail is in the process of shutting down (read-only).
506 of the parent of this jail, or zero if this is a top-level jail
507 (read-only).
511 sysctl and uname -r.
515 and uname -K.
520 sysctl, which can only be adjusted by the non-jailed root user.
553 Some restrictions of the jail environment may be set on a per-jail
560 .Bl -tag -width indent
568 This is deprecated in favor of the per-module parameters (see below).
599 system types marked as jail-friendly.
621 with non-jailed parts of the system.
626 MIB entry is zero, this will be restricted to the root user.
650 daemons are permitted to run inside a properly configured vnet-enabled jail.
655 can export file systems visible within the jail.
695 The super-user will be disabled automatically if its parent system has it
697 The super-user is enabled by default.
714 Allow privileged process in the non-VNET jail to modify the system routing
726 to encapsulate the jail in some module-specific way,
731 Module-specific parameters include:
732 .Bl -tag -width indent
743 fuse-based file systems.
798 .Xr zfs-jail 8
821 all IPC objects on the system are visible to this jail, whether they
831 the jail cannot perform any sysvmsg-related system calls.
846 There are pseudo-parameters that are not passed to the kernel, but are
862 .Bl -tag -width indent -offset indent
877 The pseudo-parameters are:
878 .Bl -tag -width indent
928 .Ev USER .
933 .Ev USER
946 If a user is specified (as with
948 commands are run from that (possibly jailed) user's directory.
950 The user to run commands as, when running in the jail environment.
951 The default is to run the commands as the current user.
959 The user to run commands as, when running in the system environment.
960 The default is to run the commands as the current user.
997 .Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask param ... .
1002 If a netmask in either dotted-quad or CIDR form is given
1011 .Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix param ... .
1013 A list of network interfaces to give to a vnet-enabled jail after it is created.
1021 .Xr zfs-jail 8
1054 to restrict the devices visible inside the jail.
1111 .Bd -literal -offset indent
1114 mkdir -p $D
1143 .Dq jail-friendly .
1161 .Bd -literal -offset indent
1163 inetd_flags="-wW -a 192.0.2.23"
1175 flags entries; for others it is necessary to modify per-application
1207 Any third-party network software running
1229 .Bd -literal -offset indent
1230 jail -c path=/data/jail/testjail mount.devfs \\
1238 and do the post-install configuration to set various configuration options,
1243 .Bl -bullet -offset indent -compact
1264 You may also want to perform any package-specific configuration (web servers,
1280 .Bd -literal -offset indent
1308 .Bd -literal -offset indent
1309 jail -c testjail
1345 .Bd -literal -offset indent
1346 kill -TERM -1
1347 kill -KILL -1
1366 .Bd -literal -offset indent
1367 jail -r
1382 .Dq Li -
1393 .Dl "ps ax -o pid,jid,args"
1396 .Bd -literal -offset indent
1397 pgrep -lfj 3
1398 pkill -j 3
1402 .Dl "killall -j 3"
1409 jail-friendly, the jail's
1416 For example, a user in one jail can fill the file system,
1421 are not aware of jails but only look at the user and group IDs.
1422 This means the same user ID in two jails share a single file
1426 The read-only entry
1436 Some MIB variables have per-jail settings.
1453 Each jail has a read-only
1459 of 0 indicates the jail is a child of the current jail (or is a top-level
1477 These jails are visible to and can be modified by their parent and all
1480 Jail names reflect this hierarchy, with a full name being an MIB-type string
1542 .Xr zfs-jail 8 ,
1554 .An -nosplit
1556 .An Poul-Henning Kamp
1566 added multi-IP jail support for IPv4 and IPv6 based on a patch
1586 Great care should be taken when managing directories visible within the jail.
1593 In addition, there are several ways in which an unprivileged user
1594 outside the jail can cooperate with a privileged user inside the jail