tell them that they also need to use devfs rules to prevent
inappropriate devices from appearing in the jail; add an Xref. In
earlier versions of this man page, the user was instructed to use
sh MAKEDEV jail, which only created a minimal set of device nodes.
o Add jexec(8) to execute a command in an existing jail.
o Add -j option for killall(1) to kill all processes in a specified
jail.
o Add -i option to jail(8) to output jail ID of newly created jail.
NO_MAKEDEV_INSTALL and NO_MAKEDEV_RUN. The former implying the latter.
The names imply what they do. The last commit by DES based on a PR defeated
the original idea behind NO_MAKEDEV, which was not to run MAKEDEV, but to do
the installation of MAKEDEV. This should satisfy both parties on the MAKEDEV
challenge.
Reflect this in the documentation.
a simple make world; while this does a bit more work, it means that
jail(8) doesn't have to be kept in sync with /usr/src/Makefile{,.inc1}
which is a moving target. MFC candidate.
Submitted by: FUJISHIMA Satsuki <sf@FreeBSD.org>
Reviewed by: phk
Also pointed out by: Phil Kernick <Phil@Kernick.org>
* Use a sub-section (Ss) instead of a section (Sh) for
"Sysctl MIB Entries".
* Use a tagged list (Bl, El and It) instead of sub-sections (Ss) for
the actual MIB entries.
* Mark paths up as such (Pa).
* Mark defined values up as such (Dv).
BSD-style license, as an add-on to phk's beerware license. Please fedex
some beer to phk.
- Add a ``make depend'' line to the jail-building, which fixes openssl,
among other things. Suggested by: kris
- Add ``newaliases'' to the list of things to do when setting up a new
jail, so that the jailed sendmail doesn't complain.
- Correct references to ``kern.jail.set_hostname_allowed'' which now read
``jail.set_hostname_allowed''.
- Add a reference to sysctl.conf where the sysctl can easily be set in
a persistent way.
- Add a list of cross references to the man page.
- Fix a formatting nit or two.
instructions so as to reduce warnings during jail startup, etc.
Add a somewhat bolder warning recommending the use of
kern.jail.set_hostname to limit jail renamining.
userland in a safer way. Using the NO_MAKEDEV argument in make
distribution prevents the creation of a number of unsafe device nodes
in the jailed /dev, including disk devices, and more. This depends
on an earlier commit to /etc/Makefile to provide the NO_MAKEDEV
support.
Approved by: jkh
