0304c73163
by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings. Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge(). Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call. Approved by: bz (mentor) |
||
---|---|---|
.. | ||
audit | ||
mac | ||
mac_biba | ||
mac_bsdextended | ||
mac_ifoff | ||
mac_lomac | ||
mac_mls | ||
mac_none | ||
mac_partition | ||
mac_portacl | ||
mac_seeotheruids | ||
mac_stub | ||
mac_test |