fd7a8150fb
by allprison_mtx), a unique prison/jail identifier field, two path fields (pr_path for reporting and pr_root vnode instance) to store the chroot() point of each jail. o Add jail_attach(2) to allow a process to bind to an existing jail. o Add change_root() to perform the chroot operation on a specified vnode. o Generalize change_dir() to accept a vnode, and move namei() calls to callers of change_dir(). o Add a new sysctl (security.jail.list) which is a group of struct xprison instances that represent a snapshot of active jails. Reviewed by: rwatson, tjr
136 lines
3.3 KiB
Groff
136 lines
3.3 KiB
Groff
.\"
|
|
.\"----------------------------------------------------------------------------
|
|
.\""THE BEER-WARE LICENSE" (Revision 42):
|
|
.\"<phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
|
|
.\"can do whatever you want with this stuff. If we meet some day, and you think
|
|
.\"this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
|
|
.\"----------------------------------------------------------------------------
|
|
.\"
|
|
.\"$FreeBSD$
|
|
.\"
|
|
.Dd April 8, 2003
|
|
.Dt JAIL 2
|
|
.Os
|
|
.Sh NAME
|
|
.Nm jail
|
|
.Nd imprison current process and future decendants
|
|
.Sh LIBRARY
|
|
.Lb libc
|
|
.Sh SYNOPSIS
|
|
.In sys/param.h
|
|
.In sys/jail.h
|
|
.Ft int
|
|
.Fn jail "struct jail *jail"
|
|
.Ft int
|
|
.Fn jail_attach "int jid"
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Fn jail
|
|
system call sets up a jail and locks the current process in it.
|
|
.Pp
|
|
The argument is a pointer to a structure describing the prison:
|
|
.Bd -literal -offset indent
|
|
struct jail {
|
|
u_int32_t version;
|
|
char *path;
|
|
char *hostname;
|
|
u_int32_t ip_number;
|
|
};
|
|
.Ed
|
|
.Pp
|
|
.Dq Li version
|
|
defines the version of the API in use. It should be set to zero at this time.
|
|
.Pp
|
|
The
|
|
.Dq Li path
|
|
pointer should be set to the directory which is to be the root of the
|
|
prison.
|
|
.Pp
|
|
The
|
|
.Dq Li hostname
|
|
pointer can be set to the hostname of the prison. This can be changed
|
|
from the inside of the prison.
|
|
.Pp
|
|
The
|
|
.Dq Li ip_number
|
|
can be set to the IP number assigned to the prison.
|
|
.Pp
|
|
The
|
|
.Fn jail_attach
|
|
system call attaches the current process to an existing jail,
|
|
identified by
|
|
.Va jid .
|
|
.Sh RETURN VALUES
|
|
If successful,
|
|
.Fn jail
|
|
returns a non-negative integer, termed the jail identifier (JID).
|
|
It returns -1 on failure, and sets
|
|
.Va errno
|
|
to indicate the error.
|
|
.Pp
|
|
If successful,
|
|
.Fn jail_attach
|
|
returns 0.
|
|
It returns -1 on failure, and sets
|
|
.Va errno
|
|
to indicate the error.
|
|
.Sh PRISON?
|
|
Once a process has been put in a prison, it and its decendants cannot escape
|
|
the prison.
|
|
.Pp
|
|
Inside the prison, the concept of "superuser" is very diluted. In general,
|
|
it can be assumed that nothing can be mangled from inside a prison which
|
|
does not exist entirely inside that prison. For instance the directory
|
|
tree below
|
|
.Dq Li path
|
|
can be manipulated all the ways a root can normally do it, including
|
|
.Dq Li "rm -rf /*"
|
|
but new device special nodes cannot be created because they reference
|
|
shared resources (the device drivers in the kernel).
|
|
.Pp
|
|
All IP activity will be forced to happen to/from the IP number specified,
|
|
which should be an alias on one of the network interfaces.
|
|
.Pp
|
|
It is possible to identify a process as jailed by examining
|
|
.Dq Li /proc/<pid>/status :
|
|
it will show a field near the end of the line, either as
|
|
a single hyphen for a process at large, or the hostname currently
|
|
set for the prison for jailed processes.
|
|
.Sh ERRORS
|
|
The
|
|
.Fn jail
|
|
system call
|
|
will fail if:
|
|
.Bl -tag -width Er
|
|
.It Bq Er EINVAL
|
|
The version number of the argument is not correct.
|
|
.El
|
|
.Pp
|
|
Further
|
|
.Fn jail
|
|
calls
|
|
.Xr chroot 2
|
|
internally, so it can fail for all the same reasons.
|
|
Please consult the
|
|
.Xr chroot 2
|
|
manual page for details.
|
|
.Sh SEE ALSO
|
|
.Xr chdir 2 ,
|
|
.Xr chroot 2
|
|
.Sh HISTORY
|
|
The
|
|
.Fn jail
|
|
system call appeared in
|
|
.Fx 4.0 .
|
|
The
|
|
.Fn jail_attach
|
|
system call appeared in
|
|
.Fx 5.1 .
|
|
.Sh AUTHORS
|
|
The jail feature was written by
|
|
.An Poul-Henning Kamp
|
|
for R&D Associates
|
|
.Dq Li http://www.rndassociates.com/
|
|
who contributed it to
|
|
.Fx .
|