Commit Graph

55 Commits

Author SHA1 Message Date
rwatson
0536901a65 When pointing users at mount_devfs to populate the /dev of a jail,
tell them that they also need to use devfs rules to prevent
inappropriate devices from appearing in the jail; add an Xref.  In
earlier versions of this man page, the user was instructed to use
sh MAKEDEV jail, which only created a minimal set of device nodes.
2003-06-26 19:04:15 +00:00
mike
82a28ce246 Force output of jail ID (if necessary) before excuting the command,
otherwise redirection of stdout to a file using block buffering will
not complete in time.
2003-04-21 17:20:48 +00:00
mike
6067525913 o Add jls(8) for listing active jails.
o Add jexec(8) to execute a command in an existing jail.
o Add -j option for killall(1) to kill all processes in a specified
  jail.
o Add -i option to jail(8) to output jail ID of newly created jail.
2003-04-09 03:04:12 +00:00
maxim
9b881ef3fc Free login_cap(3) resources after usage.
Submitted by:	demon
2003-04-07 10:16:37 +00:00
maxim
9ab2ed3bdb o Fix error messages formatting, style.
Prodded by:	bde
Reviewed by:	bde
2003-04-02 09:20:08 +00:00
maxim
723ed21bcb o Add -u <username> flag to jail(8): set user context before exec.
PR:		bin/44320
Submitted by:	Mike Matsnev <mike@po.cs.msu.su>
Reviewed by:	-current
MFC after:	6 weeks
2003-03-27 12:16:58 +00:00
maxim
ac2d1cc0c7 portmap_enable -> rpcbind_enable.
Spotted by:	Andrew Khlebutin <andreyh@perm.ru>
2003-03-18 14:01:02 +00:00
keramida
ac4f80b9ad Remove traces of MAKEDEV & add xref to mount_devfs(8).
DEVFS is now mandatory in CURRENT.

PR:		docs/48095
Submitted by:	Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
2003-02-28 22:47:18 +00:00
phk
5a6e603c6a Fix example, we do not need NO_MAKEDEV_RUN any more.
XXX: this example should be updated with a good example of devfs(8) rules.
2002-10-22 15:03:51 +00:00
charnier
d2168fe021 The .Nm utility 2002-07-14 14:47:15 +00:00
dd
3eafd11a94 Fix IP address typo.
PR:		38313
Submitted by:	Jeff Ito <jeffi@rcn.com>
2002-05-20 07:29:25 +00:00
des
4d6b787d2d Usage style sweep: spell "usage" with a small 'u'.
Also change one case of blatant __progname abuse (several more remain)
This commit does not touch anything in src/{contrib,crypto,gnu}/.
2002-04-22 13:44:47 +00:00
arr
1ae1e4e3f2 - Attempt to help declutter kern. sysctl by moving security out from
beneath it.

Reviewed by: rwatson
2002-01-16 06:55:30 +00:00
ru
9f316dd03a mdoc(7) police: ispell rev. 1.32. 2002-01-10 15:15:44 +00:00
ru
338a36ec96 mdoc(7) police: tidy up previous delta. 2002-01-10 15:14:22 +00:00
phk
cdb77be2ca Add some wisdom to the jail setup instructions. 2001-12-14 20:20:50 +00:00
ru
ff31678819 mdoc(7) police overhaul. 2001-12-14 10:18:15 +00:00
arr
a83ce1350e - Update the sysctl mibs in order to reflect the recent kern_jail.c
changes.

Approved by:	rwatson
Reviewed by:	rwatson
2001-12-12 05:24:50 +00:00
dd
581074f694 syslogd can now be configured to bind to a specific address. 2001-09-03 15:42:10 +00:00
dd
5faabe6e0b This is not jail(2), or anything else suitable to be referenced with .Fn. 2001-08-27 12:15:44 +00:00
obrien
9c97c8f02d Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.
2001-07-20 06:20:32 +00:00
dd
911ca14c87 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
ru
0d5f9334cf mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 15:12:08 +00:00
ru
b6359d6af6 mdoc(7) police: sort xrefs. 2001-07-05 08:13:03 +00:00
dd
fdda055e00 Set WARNS=2 on programs that compile cleanly with it; add $FreeBSD$
where necessary.

Submitted by:	Mike Barcroft <mike@q9media.com>
2001-06-30 05:39:36 +00:00
dd
2328ceabca Add missing includes and sort includes. 2001-06-24 20:28:19 +00:00
dd
e3cab8dc0c Include missing header files which define functions for which gcc has
builtints (e.g., exit, strcmp).
2001-06-24 20:25:23 +00:00
sobomax
6c2547ab1f Correct cross-reference:
portmap.8 --> rpcbind.8

Submitted by:	.Xr testing script
2001-06-07 16:59:19 +00:00
asmodai
3263ed06d8 Change NO_MAKEDEV to a finer granularity method:
NO_MAKEDEV_INSTALL and NO_MAKEDEV_RUN.  The former implying the latter.
The names imply what they do.  The last commit by DES based on a PR defeated
the original idea behind NO_MAKEDEV, which was not to run MAKEDEV, but to do
the installation of MAKEDEV.  This should satisfy both parties on the MAKEDEV
challenge.
Reflect this in the documentation.
2001-03-29 14:03:29 +00:00
ru
afd506414e - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
ru
f10dc9aca1 Set the default manual section for usr.sbin/ to 8. 2001-03-20 18:17:26 +00:00
rwatson
ef32330c57 o Replace part-wise instructions for building world for jail(8) with
a simple make world; while this does a bit more work, it means that
  jail(8) doesn't have to be kept in sync with /usr/src/Makefile{,.inc1}
  which is a moving target.  MFC candidate.

Submitted by:	FUJISHIMA Satsuki <sf@FreeBSD.org>
Reviewed by:	phk
Also pointed out by:	Phil Kernick <Phil@Kernick.org>
2001-03-11 20:37:11 +00:00
ru
66cd8f698e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:44:04 +00:00
ru
c23c39b3a4 mdoc(7) police: removed history info from the .Os FreeBSD call. 2000-12-14 11:52:05 +00:00
ru
71e2293ad4 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
ru
7d99729431 Use Fx macro wherever possible. 2000-11-14 11:20:58 +00:00
sheldonh
f66aa0121f Whitespace only: Correct poor line-breaking introduced in rev 1.17,
which was limited to correcting mark-up.
2000-11-01 07:51:14 +00:00
sheldonh
89bac1ebf5 Correct mark-up used in rev 1.16, as discussed with its contributor:
* Use a sub-section (Ss) instead of a section (Sh) for
  "Sysctl MIB Entries".

* Use a tagged list (Bl, El and It) instead of sub-sections (Ss) for
  the actual MIB entries.

* Mark paths up as such (Pa).

* Mark defined values up as such (Dv).
2000-11-01 07:49:29 +00:00
rwatson
49a8850e36 o Document various sysctl's available for managing services available
within jail()
2000-10-31 01:47:59 +00:00
dannyboy
f3a0972556 Typo: "is unreliably by default" to "is unreliable by default".
PR:		19411
Submitted by:	Benno Rice <benno@netizen.com.au>
2000-07-08 14:12:34 +00:00
mpp
89b4a9f1be Some minor mdoc style and spelling fixes. 2000-03-24 02:05:54 +00:00
sheldonh
b2240fc1c0 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 14:09:25 +00:00
rwatson
c764ef2782 - As jail(8) has been almost completely rewritten, prepend another copyright/
BSD-style license, as an add-on to phk's beerware license.  Please fedex
  some beer to phk.

- Add a ``make depend'' line to the jail-building, which fixes openssl,
  among other things.  Suggested by: kris

- Add ``newaliases'' to the list of things to do when setting up a new
  jail, so that the jailed sendmail doesn't complain.

- Correct references to ``kern.jail.set_hostname_allowed'' which now read
  ``jail.set_hostname_allowed''.

- Add a reference to sysctl.conf where the sysctl can easily be set in
  a persistent way.

- Add a list of cross references to the man page.

- Fix a formatting nit or two.
2000-02-20 02:51:11 +00:00
rwatson
eeff6080d3 Fix up a few documentation nits in jail(8), as well as improve the
instructions so as to reduce warnings during jail startup, etc.
Add a somewhat bolder warning recommending the use of
kern.jail.set_hostname to limit jail renamining.
2000-02-18 19:02:22 +00:00
rwatson
27da3531aa Modified jail.8 to correct a typo (inetd_flas vs. inetd_flags), and add
a comment to the effect that I'm responsible for the additional
documentation, et al, so that phk gets fewer messages about my errors.
2000-02-16 23:50:43 +00:00
chris
f627aadcb2 Add Robert Watson's much extended documentation including that of the
kern.jail.set_hostname_allowed sysctl MIB.

Submitted by:	rwatson
2000-02-13 05:15:29 +00:00
rwatson
983b65917f Clean up the jail(8) documentation so that it suggests building a jail
userland in a safer way.  Using the NO_MAKEDEV argument in make
distribution prevents the creation of a number of unsafe device nodes
in the jailed /dev, including disk devices, and more.  This depends
on an earlier commit to /etc/Makefile to provide the NO_MAKEDEV
support.

Approved by:	jkh
2000-02-09 04:17:41 +00:00
asmodai
dd4337b929 Properly manify this manpage. 1999-12-21 11:25:10 +00:00
phk
13f3486dd2 A procfs mount is no longer needed for a jail. 1999-12-05 09:28:59 +00:00
phk
b364262c2e Add a version number field to the jail(2) argument so that future changes
can be handled intelligently.

WARNING:  you will need to reinstall #includes and recompile jail(8).
1999-09-19 08:36:37 +00:00