26 Commits

Author SHA1 Message Date
kensmith
3a0281dcf0 - Markup fix-ups (add .Dq, and some hard line breaks at the end
of sentences).

Approved by:	blackend (mentor)
2003-11-11 18:31:36 +00:00
kensmith
c0be2ff06a - Add a note about how jail(2) effects the securelevel.
Reviewed by:	rwatson
Approved by:	blackend (mentor)
2003-11-11 18:21:20 +00:00
ru
9bcac8799e Assorted mdoc(7) fixes.
Approved by:	re (blanket)
2003-05-22 13:02:28 +00:00
mike
75859ca578 o In struct prison, add an allprison linked list of prisons (protected
by allprison_mtx), a unique prison/jail identifier field, two path
  fields (pr_path for reporting and pr_root vnode instance) to store
  the chroot() point of each jail.
o Add jail_attach(2) to allow a process to bind to an existing jail.
o Add change_root() to perform the chroot operation on a specified
  vnode.
o Generalize change_dir() to accept a vnode, and move namei() calls
  to callers of change_dir().
o Add a new sysctl (security.jail.list) which is a group of
  struct xprison instances that represent a snapshot of active jails.

Reviewed by:	rwatson, tjr
2003-04-09 02:55:18 +00:00
ru
a4b155d7a2 mdoc(7) police: Tidy up the syscall language.
Stop calling system calls "function calls".

Use "The .Fn system call" a-la "The .Nm utility".

When referring to a non-BSD implementation in
the HISTORY section, call syscall a function,
to be safe.
2002-12-18 09:22:32 +00:00
dd
1bb2478dbe Remove extra word.
Submitted by:	Andre Guibert de Bruet <andy@siliconlandmark.com>
2002-05-26 05:24:53 +00:00
ru
623da62a5a mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
dd
3ac0264ecd Don't capitalize jail(2) in the middle of a sentence.
PR:		25876
Submitted by:	Koizumi Satoru <koizumi@cms.phys.s.u-tokyo.ac.jp>
2001-09-03 17:49:29 +00:00
dd
4101eebee9 There shuldn't be whitespace before a question mark. 2001-08-27 09:34:39 +00:00
dd
a145482cf6 Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
ru
317b7d8e37 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 13:41:46 +00:00
ru
2d1b95a96f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
ru
8ba4187688 Prepare for mdoc(7)NG. 2000-12-29 14:08:20 +00:00
ru
c23c39b3a4 mdoc(7) police: removed history info from the .Os FreeBSD call. 2000-12-14 11:52:05 +00:00
phantom
cb5fd90ad4 Use `Er' variable to define first column width in ERRORS section. It was
initially suggested by mdoc(7) style, but was broken over the years
2000-05-04 13:09:25 +00:00
phantom
5401879e3b Introduce ".Lb" macro to libc manpages.
More libraries manpages updates following.
2000-04-21 09:42:15 +00:00
asmodai
70260fd3cb Fix a typo which I cannot believe I missed after rereading this text
about 6-7 times prior to commit.

Reported by: sheldonh
1999-12-21 11:55:44 +00:00
asmodai
fc6ea6bcd8 Properly manify this manpage.
Fix some spelling mistakes and typo's inspired by Nicholas' initial
PR submission.

PR:		docs/15597
Submitted by:	Nicholas Esborn <nick@flatlan.net>
1999-12-21 11:19:32 +00:00
phk
d879133e0b Add a version number field to the jail(2) argument so that future changes
can be handled intelligently.
1999-09-19 08:36:03 +00:00
phantom
f02290dd56 mdoc(7) style fix: FreeBSD -> .Fx
Reviewed by:	mpp
1999-09-05 06:47:01 +00:00
peter
76f0c923fe $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
mpp
b813f67e2a Various man page cleanup:
- Sort xrefs
- FreeBSD.ORG -> FreeBSD.org
- Be consistent with section names as outlines in mdoc(7)
- Other misc mdoc cleanup.

PR:		doc/13144
Submitted by:	Alexy M. Zelkin <phantom@cris.net>
1999-08-15 09:51:25 +00:00
phk
67e84e4db5 Clarify an explanation a little bit. 1999-07-09 21:35:37 +00:00
green
1bda07a770 Minor English corrections were made; SEE ALSO was also fixed (no commas). 1999-06-17 23:43:35 +00:00
phk
4d19e50f17 $ brucify -deblunder 1999-05-16 10:51:52 +00:00
phk
ca21a25f17 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00