freebsd-skq/usr.sbin
Poul-Henning Kamp 75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no provisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
..
ac /var/log/wtmp entries for ptys are treated differently in ac, since 1998-07-02 05:34:08 +00:00
accton
adduser Added myself as maintainer. 1999-02-09 17:23:03 +00:00
amd Cosmetic reformatting. 1999-02-14 22:04:09 +00:00
apm o Enable standby mode in apm utility. You need a newer kernel for this 1998-09-04 16:08:54 +00:00
apmconf
arp Submitted by: Larry Lile 1999-03-10 10:11:43 +00:00
atm Fixed typo done, thanks! 1998-12-20 02:53:49 +00:00
bad144 Change MACHINE to MACHINE_ARCH to support MACHINE=pc98. 1998-09-05 08:22:30 +00:00
boot0cfg Finish implementing "setdrv" option. This is intended to be used 1999-02-26 14:57:17 +00:00
bootparamd #include <arpa/inet.h> for inet_* definitions. 1998-06-12 14:39:00 +00:00
btxld Enable client entry point support. 1998-09-13 13:28:07 +00:00
cdcontrol (1) Make usage() and SYNOPSIS agree with each other. 1999-01-31 15:30:21 +00:00
chkgrp Inserted missing .Bl in the FILES section. 1998-07-14 07:55:27 +00:00
chown
chroot
ckdist
config Make options like NO_F00F_HACK work (with context sensitive lexical rules). 1999-04-27 01:37:01 +00:00
cron This is a hack. Cron runs with stdin/out/err pointing to /dev/console, 1999-04-06 04:31:23 +00:00
crunch Temporary use different stubs for the ECOFF case; I'm trying to get this 1998-10-02 11:30:07 +00:00
ctm Use 4 digit year in log file, rather than 2. 1999-01-19 11:52:57 +00:00
dev_mkdb
diskpart
dpt Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:14 +00:00
edquota Fixed overflow in 1K-blocks to disk-blocks conversions. Use quad 1999-01-01 13:15:02 +00:00
fdcontrol
fdformat mkdosfs(1) is dead, refer to newfs_msdos(8) 1998-09-29 17:31:28 +00:00
fdwrite Typo. 1998-06-27 21:29:35 +00:00
i4b add the dtmfdecode program (added to i4b with 0.71.00) to the i4b userland 1999-03-07 17:09:03 +00:00
inetd Fix the "internal" wrapping as well as a nasty bug involving 1999-04-11 09:22:17 +00:00
iostat Change the devstat generation number from an int to a long. The int-sized 1998-09-20 00:11:23 +00:00
ipfstat
ipftest
ipmon Install ipmon.8 in man8/ not man1/. 1998-08-30 04:48:00 +00:00
ipnat
ipresend
ipsend
iptest
IPXrouted Add an option to disable responses to SAP_GETNEAREST_SERVER requests. 1999-04-24 09:18:49 +00:00
jail This Implements the mumbled about "Jail" feature. 1999-04-28 11:38:52 +00:00
kbdcontrol Fix builds for the AXP 1999-03-17 11:42:18 +00:00
kbdmap Added myself as maintainer. 1999-02-09 17:23:03 +00:00
kernbb Now bb structures are linked together. 1999-03-21 12:32:17 +00:00
keyadmin
keyserv Remove irrelevant section. 1998-10-13 08:14:31 +00:00
kgmon
kvm_mkdb Handle ELF symbols better. This fixes "vmstat -i" for the case 1998-10-28 06:39:41 +00:00
lpr lpd tries to be clever and checks if RM == my_hostname. 1999-04-27 07:09:18 +00:00
lptcontrol Add -e option and change unit to device access in lptcontrol.8 1999-02-14 12:23:49 +00:00
mailstats Build sendmail-8.9.1 makemap. 1998-08-04 15:25:32 +00:00
makemap Add snprintf.c to SRCS so that the function quad_to_string exists. The 1998-08-06 23:01:49 +00:00
manctl
memcontrol Commandline tool for manipulating memory range attributes. 1999-04-07 04:11:14 +00:00
mixer fix a core dump problem when you don't give -f a parameter... also compare 1998-05-07 14:13:16 +00:00
mount_portalfs Add pt_tcplisten.c functionality, fix a few minor bugs 1998-12-15 18:59:07 +00:00
mountd Typo fix in diagnostic: -alldir --> -alldirs 1999-04-21 22:42:36 +00:00
moused USB is only on PC's at the minute, don't try and use the MOUSE_IF_USB 1999-03-01 04:47:37 +00:00
mptable
mrouted Use the proper mdoc macro 1999-03-20 04:26:57 +00:00
mtest Use AF_LINK rather than AF_UNSPEC to set an ethernet multicast address. 1998-05-28 07:31:30 +00:00
mtree When bootstrapping mtree, don't depend on there being a libmd at all. 1999-03-01 02:43:42 +00:00
named bsd.dep.mk doesn't know about -idirafter, and doesn't parse -I the 1998-06-11 10:42:58 +00:00
named.reload
named.restart
ndc Allow both old and new rc.conf syntax. 1999-02-12 00:17:12 +00:00
newsyslog Fix description of size, it's in kilobytes, not bytes. 1999-04-10 15:09:07 +00:00
nfsd Update refs for KLD's and kldload. 1999-04-01 01:42:28 +00:00
nologin Added xref to nologin(5). 1999-02-01 21:02:38 +00:00
nslookup
nsupdate
pccard When printing out V1 info, make sure that there is additional info 1999-03-13 04:41:35 +00:00
pciconf Replace LKM with KLD. 1999-04-06 14:04:37 +00:00
pcvt Part 4 of pcvt/voxware revival: pcvt userland 1999-01-01 08:32:05 +00:00
periodic local_cron -> local_periodic 1999-04-23 18:26:55 +00:00
pkg_install If pkg_info is run with no args, default to "-aI". 1999-04-27 02:30:27 +00:00
pnpinfo
portmap Fixed world breakage in previous commit. -lwrap was in LDFLAGS where 1999-03-29 03:17:43 +00:00
ppp Change ``set device'' so that it parses its arguments as one 1999-04-27 00:23:57 +00:00
pppctl Add support for NetBSD (history() from libedit is different). 1999-04-26 08:53:52 +00:00
pppd Fix the MS-CHAP support. The code was passing a bit count to 1998-10-11 19:40:38 +00:00
pppstats Remove illegal ".Nm". This file is still using -man, not -mdoc. 1998-07-09 04:53:11 +00:00
praliases Use sendmail-8.9.1 praliases 1998-08-04 15:26:57 +00:00
procctl
pstat Fix formatting bug with [NFS swap] vs /dev/DEVNAME 1999-01-22 10:57:22 +00:00
pw Fix date parsing to allow '0' (none) date value. 1999-03-15 08:16:01 +00:00
pwd_mkdb Enable source file locking in pwd_mkdb by including the proper letter 1999-01-01 20:39:37 +00:00
quot PR: bin/8624 1998-12-13 07:16:05 +00:00
quotaon
rarpd Sync usage string with reality: removed -n, added -s. 1998-12-06 16:31:47 +00:00
repquota Make it compatible with long usernames 1998-06-14 22:56:31 +00:00
rmt Add support for the 'V'ersion rmt command. 1998-09-15 10:30:25 +00:00
rndcontrol
rpc.lockd Removed bogus dependencies of generated .c files on generated headers. 1998-05-10 16:03:17 +00:00
rpc.statd Removed bogus dependencies of generated .c files on generated headers. 1998-05-10 16:03:17 +00:00
rpc.yppasswdd Host names are case-insensitive. 1999-03-16 01:23:09 +00:00
rpc.ypupdated Removed bogus dependencies of generated .c files on generated headers. 1998-05-10 16:03:17 +00:00
rpc.ypxfrd Darnit, that last commit was only supposed to change files in the 1998-06-04 15:37:05 +00:00
rtprio PR: 7489 1998-08-04 14:33:42 +00:00
rwhod Implement the -l commandline option which turns off broadcast of 1999-01-11 05:27:37 +00:00
sa
sade Deal with new loader syntax in determining how/when to load a userconfig 1999-04-28 10:51:01 +00:00
sendmail Enable tcp_wrapper support by default. 1999-03-28 10:55:03 +00:00
sgsc
sicontrol
sliplogin Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:14 +00:00
slstat Clarify what the '-r' option does. 1998-12-03 20:44:45 +00:00
spkrtest Added myself as maintainer. 1999-02-09 17:23:03 +00:00
spray
stallion Removed all `vector xxxintr' specifications. Interrupt handlers are now 1998-10-22 15:53:06 +00:00
sysctl Clean up option handling a little. 1999-01-10 02:10:08 +00:00
sysinstall Deal with new loader syntax in determining how/when to load a userconfig 1999-04-28 10:51:01 +00:00
syslogd Ensure a terminating null when processing hostname strings from 1998-12-29 23:14:50 +00:00
tcpdchk Build tcp_wrappers' userland. I am not building tcpd, because in a day 1999-03-14 18:02:14 +00:00
tcpdmatch Build tcp_wrappers' userland. I am not building tcpd, because in a day 1999-03-14 18:02:14 +00:00
tcpdump World, I'd like you to meet the first FreeBSD token Ring driver. 1999-02-20 11:18:00 +00:00
timed Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:14 +00:00
traceroute Add '-fno-builtin' to CFLAGS for alpha. 1999-01-13 10:27:00 +00:00
trpt
tzsetup Add a `default' feature to tzsetup for use in script-driven installation 1999-02-02 20:26:31 +00:00
usbd Syncing with NetBSD version 1998/12/14 1999-04-11 21:03:28 +00:00
usbdevs Syncing with NetBSD version 1998/12/14 1999-04-11 21:03:28 +00:00
vidcontrol Change LKM to KLD. 1999-04-08 13:51:54 +00:00
vipw oops. Fix indentation of the 'for' loop I just added. 1998-12-13 01:39:32 +00:00
vnconfig Submitted by: Matt Dillon <dillon@freebsd.org> 1999-03-14 09:20:01 +00:00
watch
wlconfig Typo curnwid -> currnwid 1998-11-04 08:33:32 +00:00
wormcontrol Add 'blank' and 'nextwriteable' commands for atapi CD-R/RW support. 1998-09-08 20:51:24 +00:00
xntpd Correct typo. 1999-04-19 07:17:58 +00:00
xten Removed all `vector xxxintr' specifications. Interrupt handlers are now 1998-10-22 15:53:06 +00:00
yp_mkdb
ypbind Use u_int32_t for sin_addr.s_addr rather than u_long to avoid 1999-04-13 16:26:21 +00:00
yppoll
yppush Don't assume that time_t is long. 1998-06-29 18:15:21 +00:00
ypserv Close PR #11122: check key length before calling strncmp() 1999-04-14 04:05:59 +00:00
ypset
zic Add a prototype to silence warnings. 1999-02-23 12:02:07 +00:00
Makefile This Implements the mumbled about "Jail" feature. 1999-04-28 11:38:52 +00:00
Makefile.inc