Commit Graph

200 Commits

Author SHA1 Message Date
ru
081fcce9b9 Markup fixes. 2006-09-29 17:57:04 +00:00
bz
5bf837dbd8 Use IP addresses out of "TEST-NET" (for use in documentation and
example code) [RFC3330].

Reviewed by: simon
2006-06-11 12:57:41 +00:00
simon
a1a96d1eac Revert 1.73, since mounting devfs without a devfs ruleset inside a
jail is a very bad idea security wise.

Approved by:	trhodes (jcamou mentor)
No response:	jcamou
2006-05-28 09:44:13 +00:00
matteo
804d1419a2 Mention ruleset #4 (devfsrules_jail) in jail's man page.
MFC after:	3
2006-05-28 08:29:49 +00:00
matteo
08978d5bee correct strtol(3) usage and style(9)
Reviewed by:	maxim
MFC after:	2 weeks
2006-05-12 15:14:43 +00:00
maxim
9a9ea4b9c8 o Style(9) the previous commit a bit. 2006-05-11 19:06:33 +00:00
matteo
e3299095ec Add the -s option to set jail's securelevel. This is useful for jails run with non-root privileges.
PR:	bin/80242
MFC after:	2 weeks
2006-05-11 13:04:23 +00:00
matteo
9befa26aeb Use .Vt for struct xprison
Suggested by: keramida
2006-05-10 14:26:53 +00:00
matteo
478a691b77 document security.jail.list sysctl in jail(8)
PR:	docs/96807
MFC after:	3
2006-05-08 19:55:17 +00:00
maxim
8cadbc9a2c o Document security.jail.jailed sysctl.
PR:		docs/94711
Submitted by:	Andreas Kohn
MFC after:	2 weeks
2006-05-03 20:13:33 +00:00
maxim
004bb16acb o Do not mangle current session user login name with jail -u|-U.
PR:		bin/94730
Submitted by:	Frank Behrens
MFC after:	1 month
2006-04-16 12:32:04 +00:00
jcamou
0e5649aea4 Do `mount_devfs' when starting a jail.
PR:		docs/86044
Noticed by:	Dan Langille <dan@langille.org>
Reviewed by:	Jose Biskofski <jbiskofski@grmims.com>
Approved by:	trhodes (mentor)
2006-03-16 14:31:35 +00:00
philip
865e779b5d Add [-J jid_file] option to write out a JidFile, similar to a PidFile,
containing the jailid, path, hostname, ip and the command used to start
the jail.

PR:		misc/89883
Submitted by:	L. Jason Godsey <lannygodsey -at- yahoo.com>
Reviewed by:	phk
MFC after:	1 week
2005-12-03 17:32:39 +00:00
keramida
30682c8937 Note that the jail setup example is meant to be fed to sh(1), not csh(1).
PR:		docs/87351
Submitted by:	"Eli K. Breen" <bsd@unixforge.net>
Approved by:	simon, brooks
MFC after:	3 days
2005-10-26 20:19:39 +00:00
brueffer
358e47e63b Add some more info about jail startup and shutdown.
Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
MFC after:	3 days
2005-08-07 20:53:29 +00:00
arved
3db78d4417 Move DNS configuration before sendmail configuration, because
newaliases(1) may hang without proper DNS configuration.

Approved by:	brueffer
2005-07-25 16:04:30 +00:00
jcamou
97b7bcd777 Mention that it is possible to have jails
started at boot time if specified in
/etc/rc.conf.

PR:		docs/81040
Submitted by:	matteo
Approved by:	trhodes (mentor)
MFC after:	1 week
2005-07-20 00:32:01 +00:00
ru
f4251aff5d Markup fixes.
Approved by:	re (blanket)
2005-06-14 12:26:36 +00:00
pjd
ea42b6f5cd Update manual page after sysctl rename.
Corrected by:	brueffer
2005-06-09 20:52:22 +00:00
pjd
e678735f9f Document 'jid' keyword for ps(1) and '-j' option for pgrep(1)/pkill(1). 2005-05-28 16:23:29 +00:00
pjd
9d27c6032c Remove symblic link kernel->dev/null creation. We don't need it in 5.x/6.x
world (there is no /kernel file anymore).

Reminded by:	Isaac Levy presentation
2005-05-14 18:54:58 +00:00
joel
8996bb423a Fix spelling errors.
Approved by:	brueffer (mentor)
2005-04-30 09:26:22 +00:00
ru
5d9bc16368 Added the convenience "distribution" target which calls the
target of the same name from src/etc/Makefile with a proper
environment, suitable to be used during upgrades and cross-
builds.
2005-02-27 12:11:35 +00:00
cperciva
30beb7d8e4 Add a new sysctl, "security.jail.chflags_allowed", which controls the
behaviour of chflags within a jail.  If set to 0 (the default), then a
jailed root user is treated as an unprivileged user; if set to 1, then
a jailed root user is treated the same as an unjailed root user.

This is necessary to allow "make installworld" to work inside a jail,
since it attempts to manipulate the system immutable flag on certain
files.

Discussed with:	csjp, rwatson
MFC after:	2 weeks
2005-02-08 21:31:11 +00:00
ru
b8a9faaaa3 Fixed punctuation in xrefs. 2005-01-21 20:48:00 +00:00
ru
16dc33fabf Scheduled mdoc(7) sweep. 2005-01-11 11:47:22 +00:00
delphij
65c65c74d4 Initialize lcap and pwd to NULL. This allows a WARNS=6 clean build,
hence bump it to 6.

Note that the last commit message was not quite accurate.  While the
assumption exists in the code, it's not possible to have an
uninitialized p there because if lflag is set when username is NULL
then execution would be terminated earlier.
2004-11-17 10:01:48 +00:00
delphij
0c3804bf65 The code path in main() dealing with lflag assumes that p was
initialized with NULL, while it is not.  So let's initialize
it.
2004-11-17 09:52:10 +00:00
stefanf
d00a4eaaea Pass an array of gid_t rather than an array of int to getgroups().
PR:	56646
2004-10-02 11:40:48 +00:00
maxim
4c83768639 o Add -l option to jail(8) similar to su(1): before running jail'ed
program under specific user's credentials, clean the environment and
set only a few variables.

PR:		bin/70024
Submitted by:	demon
MFC after:	1 month
2004-08-15 08:21:50 +00:00
ru
6294018a20 Mechanically kill hard sentence breaks. 2004-07-02 23:13:00 +00:00
pjd
bf8b1fec3a Prepare jail(8) utility for new functionality which will limit
seeing status of mounted file system for jailed processes.
Pass full path of jail's root directory to the kernel. mount(8) utility is
doing the same thing already.
2004-06-27 10:10:16 +00:00
ru
fbb5447570 Markup nits. 2004-06-05 20:27:10 +00:00
csjp
a4a53235be Sentences should not start with conjunctions. Change "Because"
to "Since".

Pointed out by:	Ceri
2004-06-01 20:32:44 +00:00
csjp
2a8b55a029 Add a warning note to security.jail.allow_raw_sockets
about the risks of enabling raw sockets in prisons.

Because raw sockets can be used to configure and interact
with various network subsystems, extra caution should be
used where privileged access to jails is given out to
untrusted parties. As such, by default this option is disabled.

A few others and I are currently auditing the kernel
source code to ensure that the use of raw sockets by
privledged prison users is safe.

Approved by:	bmilekic (mentor)
2004-06-01 00:25:44 +00:00
maxim
872614c8b3 o Implement -U flag: run command as user which exists only in jail.
o getpwnam(3) returns NULL and does not set errno when the user does
  not exist.  Bail out with "no such user" instead of "Unknown error: 0".

PR:		bin/67262
Submitted by:	demon (-U flag)
MFC after:	3 weeks
2004-05-29 18:39:27 +00:00
dannyboy
6e5d1af09e Typos and nits. 2004-05-20 06:37:44 +00:00
pjd
8b1807b878 Document security.jail.getfsstatroot_only sysctl.
Obtained from:	rwatson's commit log
Approved by:	rwatson
2004-05-20 05:30:16 +00:00
simon
8cd95c1a2a mdoc(7) cleanup for the last commit to this file.
OK'ed by:	bmilekic
2004-05-04 14:39:32 +00:00
bmilekic
02ff3165ce Ammend jail(8) man page to explain new sysctl for raw-sockets
inside jails, Christian's last submission.

Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
2004-05-03 21:12:23 +00:00
le
0aaa719b27 Correct typo. 2004-02-06 21:05:42 +00:00
rwatson
b7bf2a8dfd A variety of content cleanups:
(1) Document the notion of using jail(8) to run "virtual servers" or
    just to constrain specific applications.  If only running specific
    applications, some configuration steps are unnecessary (such as
    editing rc.conf).

(2) Add some more subsection headers to break up the bigger chunks of
    text.

(3) Clarify the problems associated with applications binding all IP
    addresses in the host, and attempt to be more specific about
    potential application problems.  Document how to force sshd to
    bind the the right socket.

(4) Suggest that in a jailed application scenario, you might want to
    have the host syslogd listen on the socket in the jail, rather
    than running syslogd in the jail.

(5) Catch another reference to /stand/sysinstall.

Approved by:	re (bmah implicitly)
2003-11-20 03:47:50 +00:00
rwatson
6b9c80ba7a No need to copy sysinstall into a jail with -CURRENT, since in
-CURRENT, we have /usr/sbin/sysinstall.

Approved by:	re (bmah implicitly)
2003-11-20 02:46:44 +00:00
kensmith
b7f1084c7b - Add a note that there are two MIB variables that have per-jail
settings.

Reviewed by:	rwatson
Approved by:	blackend (mentor)
2003-11-11 18:34:29 +00:00
charnier
01f9734fe0 add FBSDID 2003-07-06 12:44:11 +00:00
rwatson
0536901a65 When pointing users at mount_devfs to populate the /dev of a jail,
tell them that they also need to use devfs rules to prevent
inappropriate devices from appearing in the jail; add an Xref.  In
earlier versions of this man page, the user was instructed to use
sh MAKEDEV jail, which only created a minimal set of device nodes.
2003-06-26 19:04:15 +00:00
mike
82a28ce246 Force output of jail ID (if necessary) before excuting the command,
otherwise redirection of stdout to a file using block buffering will
not complete in time.
2003-04-21 17:20:48 +00:00
mike
6067525913 o Add jls(8) for listing active jails.
o Add jexec(8) to execute a command in an existing jail.
o Add -j option for killall(1) to kill all processes in a specified
  jail.
o Add -i option to jail(8) to output jail ID of newly created jail.
2003-04-09 03:04:12 +00:00
maxim
9b881ef3fc Free login_cap(3) resources after usage.
Submitted by:	demon
2003-04-07 10:16:37 +00:00
maxim
9ab2ed3bdb o Fix error messages formatting, style.
Prodded by:	bde
Reviewed by:	bde
2003-04-02 09:20:08 +00:00
maxim
723ed21bcb o Add -u <username> flag to jail(8): set user context before exec.
PR:		bin/44320
Submitted by:	Mike Matsnev <mike@po.cs.msu.su>
Reviewed by:	-current
MFC after:	6 weeks
2003-03-27 12:16:58 +00:00
maxim
ac2d1cc0c7 portmap_enable -> rpcbind_enable.
Spotted by:	Andrew Khlebutin <andreyh@perm.ru>
2003-03-18 14:01:02 +00:00
keramida
ac4f80b9ad Remove traces of MAKEDEV & add xref to mount_devfs(8).
DEVFS is now mandatory in CURRENT.

PR:		docs/48095
Submitted by:	Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
2003-02-28 22:47:18 +00:00
phk
5a6e603c6a Fix example, we do not need NO_MAKEDEV_RUN any more.
XXX: this example should be updated with a good example of devfs(8) rules.
2002-10-22 15:03:51 +00:00
charnier
d2168fe021 The .Nm utility 2002-07-14 14:47:15 +00:00
dd
3eafd11a94 Fix IP address typo.
PR:		38313
Submitted by:	Jeff Ito <jeffi@rcn.com>
2002-05-20 07:29:25 +00:00
des
4d6b787d2d Usage style sweep: spell "usage" with a small 'u'.
Also change one case of blatant __progname abuse (several more remain)
This commit does not touch anything in src/{contrib,crypto,gnu}/.
2002-04-22 13:44:47 +00:00
arr
1ae1e4e3f2 - Attempt to help declutter kern. sysctl by moving security out from
beneath it.

Reviewed by: rwatson
2002-01-16 06:55:30 +00:00
ru
9f316dd03a mdoc(7) police: ispell rev. 1.32. 2002-01-10 15:15:44 +00:00
ru
338a36ec96 mdoc(7) police: tidy up previous delta. 2002-01-10 15:14:22 +00:00
phk
cdb77be2ca Add some wisdom to the jail setup instructions. 2001-12-14 20:20:50 +00:00
ru
ff31678819 mdoc(7) police overhaul. 2001-12-14 10:18:15 +00:00
arr
a83ce1350e - Update the sysctl mibs in order to reflect the recent kern_jail.c
changes.

Approved by:	rwatson
Reviewed by:	rwatson
2001-12-12 05:24:50 +00:00
dd
581074f694 syslogd can now be configured to bind to a specific address. 2001-09-03 15:42:10 +00:00
dd
5faabe6e0b This is not jail(2), or anything else suitable to be referenced with .Fn. 2001-08-27 12:15:44 +00:00
obrien
9c97c8f02d Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.
2001-07-20 06:20:32 +00:00
dd
911ca14c87 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
ru
0d5f9334cf mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 15:12:08 +00:00
ru
b6359d6af6 mdoc(7) police: sort xrefs. 2001-07-05 08:13:03 +00:00
dd
fdda055e00 Set WARNS=2 on programs that compile cleanly with it; add $FreeBSD$
where necessary.

Submitted by:	Mike Barcroft <mike@q9media.com>
2001-06-30 05:39:36 +00:00
dd
2328ceabca Add missing includes and sort includes. 2001-06-24 20:28:19 +00:00
dd
e3cab8dc0c Include missing header files which define functions for which gcc has
builtints (e.g., exit, strcmp).
2001-06-24 20:25:23 +00:00
sobomax
6c2547ab1f Correct cross-reference:
portmap.8 --> rpcbind.8

Submitted by:	.Xr testing script
2001-06-07 16:59:19 +00:00
asmodai
3263ed06d8 Change NO_MAKEDEV to a finer granularity method:
NO_MAKEDEV_INSTALL and NO_MAKEDEV_RUN.  The former implying the latter.
The names imply what they do.  The last commit by DES based on a PR defeated
the original idea behind NO_MAKEDEV, which was not to run MAKEDEV, but to do
the installation of MAKEDEV.  This should satisfy both parties on the MAKEDEV
challenge.
Reflect this in the documentation.
2001-03-29 14:03:29 +00:00
ru
afd506414e - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
ru
f10dc9aca1 Set the default manual section for usr.sbin/ to 8. 2001-03-20 18:17:26 +00:00
rwatson
ef32330c57 o Replace part-wise instructions for building world for jail(8) with
a simple make world; while this does a bit more work, it means that
  jail(8) doesn't have to be kept in sync with /usr/src/Makefile{,.inc1}
  which is a moving target.  MFC candidate.

Submitted by:	FUJISHIMA Satsuki <sf@FreeBSD.org>
Reviewed by:	phk
Also pointed out by:	Phil Kernick <Phil@Kernick.org>
2001-03-11 20:37:11 +00:00
ru
66cd8f698e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:44:04 +00:00
ru
c23c39b3a4 mdoc(7) police: removed history info from the .Os FreeBSD call. 2000-12-14 11:52:05 +00:00
ru
71e2293ad4 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
ru
7d99729431 Use Fx macro wherever possible. 2000-11-14 11:20:58 +00:00
sheldonh
f66aa0121f Whitespace only: Correct poor line-breaking introduced in rev 1.17,
which was limited to correcting mark-up.
2000-11-01 07:51:14 +00:00
sheldonh
89bac1ebf5 Correct mark-up used in rev 1.16, as discussed with its contributor:
* Use a sub-section (Ss) instead of a section (Sh) for
  "Sysctl MIB Entries".

* Use a tagged list (Bl, El and It) instead of sub-sections (Ss) for
  the actual MIB entries.

* Mark paths up as such (Pa).

* Mark defined values up as such (Dv).
2000-11-01 07:49:29 +00:00
rwatson
49a8850e36 o Document various sysctl's available for managing services available
within jail()
2000-10-31 01:47:59 +00:00
dannyboy
f3a0972556 Typo: "is unreliably by default" to "is unreliable by default".
PR:		19411
Submitted by:	Benno Rice <benno@netizen.com.au>
2000-07-08 14:12:34 +00:00
mpp
89b4a9f1be Some minor mdoc style and spelling fixes. 2000-03-24 02:05:54 +00:00
sheldonh
b2240fc1c0 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 14:09:25 +00:00
rwatson
c764ef2782 - As jail(8) has been almost completely rewritten, prepend another copyright/
BSD-style license, as an add-on to phk's beerware license.  Please fedex
  some beer to phk.

- Add a ``make depend'' line to the jail-building, which fixes openssl,
  among other things.  Suggested by: kris

- Add ``newaliases'' to the list of things to do when setting up a new
  jail, so that the jailed sendmail doesn't complain.

- Correct references to ``kern.jail.set_hostname_allowed'' which now read
  ``jail.set_hostname_allowed''.

- Add a reference to sysctl.conf where the sysctl can easily be set in
  a persistent way.

- Add a list of cross references to the man page.

- Fix a formatting nit or two.
2000-02-20 02:51:11 +00:00
rwatson
eeff6080d3 Fix up a few documentation nits in jail(8), as well as improve the
instructions so as to reduce warnings during jail startup, etc.
Add a somewhat bolder warning recommending the use of
kern.jail.set_hostname to limit jail renamining.
2000-02-18 19:02:22 +00:00
rwatson
27da3531aa Modified jail.8 to correct a typo (inetd_flas vs. inetd_flags), and add
a comment to the effect that I'm responsible for the additional
documentation, et al, so that phk gets fewer messages about my errors.
2000-02-16 23:50:43 +00:00
chris
f627aadcb2 Add Robert Watson's much extended documentation including that of the
kern.jail.set_hostname_allowed sysctl MIB.

Submitted by:	rwatson
2000-02-13 05:15:29 +00:00
rwatson
983b65917f Clean up the jail(8) documentation so that it suggests building a jail
userland in a safer way.  Using the NO_MAKEDEV argument in make
distribution prevents the creation of a number of unsafe device nodes
in the jailed /dev, including disk devices, and more.  This depends
on an earlier commit to /etc/Makefile to provide the NO_MAKEDEV
support.

Approved by:	jkh
2000-02-09 04:17:41 +00:00
asmodai
dd4337b929 Properly manify this manpage. 1999-12-21 11:25:10 +00:00
phk
13f3486dd2 A procfs mount is no longer needed for a jail. 1999-12-05 09:28:59 +00:00
phk
b364262c2e Add a version number field to the jail(2) argument so that future changes
can be handled intelligently.

WARNING:  you will need to reinstall #includes and recompile jail(8).
1999-09-19 08:36:37 +00:00
peter
efabb9ccb1 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
phk
0e5641f966 Add example of how to create a jail. 1999-07-09 21:35:50 +00:00
phk
16a5877732 Various cosmetics.
Submitted by:	Rudolf Cejka <cejkar@dcse.fee.vutbr.cz>
Reviewed by:	phk
1999-05-05 19:23:45 +00:00
phk
592151ff93 Fix various bogons.
Submitted by:	Rudolf Cejka <cejkar@dcse.fee.vutbr.cz>
Reviewed by:	phk
1999-05-04 18:20:53 +00:00
phk
ca21a25f17 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00