freebsd-skq/lib/libc/sys
Poul-Henning Kamp 75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no provisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
__error.c Function to return a pointer to the non-threaded errno. This is declared 1998-03-09 07:09:55 +00:00
_exit.2 .Xr sigvec --> sigaction 1998-01-11 16:56:01 +00:00
accept.2 Update to reflect reality. 1998-11-16 03:49:39 +00:00
access.2 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
acct.2 Remove the EINVAL error from the ERRORS sections that 1997-01-11 23:56:32 +00:00
adjtime.2 Fixed missing const(s) or #include(s) in synopsis. 1997-04-11 18:47:10 +00:00
aio_read.2 Man page for aio_read(2). 1998-11-19 04:07:55 +00:00
bind.2 Fixed missing const(s) or #include(s) in synopsis. 1997-04-11 18:47:10 +00:00
brk.2 Fixed synopsis (the #include was bogus and the return type for brk() was 1997-04-11 18:39:44 +00:00
chdir.2 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
chflags.2 EOPNOTSUPP also applies to fchflags(). 1999-02-15 13:16:02 +00:00
chmod.2 Formatting fix. 1998-01-11 17:49:51 +00:00
chown.2 Fix a minor grammar problem. 1997-04-01 18:06:33 +00:00
chroot.2 Add a sysctl variable which can help stop chroot(2) escapes. 1999-03-23 14:26:40 +00:00
clock_gettime.2 Fixed wrong prototype for clock_getres(). 1998-01-16 13:39:49 +00:00
close.2 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
connect.2 Fixed missing const(s) or #include(s) in synopsis. 1997-04-11 18:47:10 +00:00
dup.2 Clarified the behaviour of dup2(fd1,fd2) when fd1==fd2 and when fd1 is invalid. 1997-03-09 13:16:48 +00:00
execve.2 Mention that set-id bits are not honoured for shell scripts and 1999-04-27 03:56:10 +00:00
fcntl.2 Document the errno return if the restrictions on the fcntl(F_SETOWN, ...) 1999-01-19 09:33:14 +00:00
flock.2 Updated the LOCK_* #defines in the synopsis to be lexically identical 1997-04-13 13:43:06 +00:00
fork.2 Add <sys/types.h> to synopsis. 1998-01-11 16:51:49 +00:00
fsync.2 Correctly use .Fn instead of .Nm to reference function names 1996-08-22 23:31:07 +00:00
ftruncate.c Implement compile time thread lock debug. 1998-06-09 08:37:35 +00:00
getdirentries.2 Typo. 1998-10-30 23:50:48 +00:00
getdtablesize.2
getfh.2 Fixed missing const(s) or #include(s) in synopsis. 1997-04-11 18:47:10 +00:00
getfsstat.2 Merge from Lite2 onto mainline - 1997-03-11 11:35:56 +00:00
getgid.2 Fixed missing #include in synopsis. 1997-04-11 18:57:26 +00:00
getgroups.2 Backed out most of rev.1.4. I didn't submit it; I only submitted a 1999-03-05 10:29:34 +00:00
getitimer.2 Explicitly point that it_value == 0 disables timer regardless of 1997-08-14 08:26:25 +00:00
getlogin.2 Removed superfluous quoting of function args. 1997-09-07 04:10:35 +00:00
getpeername.2 Sort cross references. 1997-01-20 23:23:22 +00:00
getpgrp.2 Sort cross references in section SEE ALSO. 1997-09-29 19:11:55 +00:00
getpid.2 Added sys/types.h to synopsis as per POSIX. 1998-01-11 22:16:11 +00:00
getpriority.2 Correctly use .Fn instead of .Nm to reference function names 1996-08-22 23:31:07 +00:00
getrlimit.2 Fixed brk(2) xref. 1998-01-11 22:22:50 +00:00
getrusage.2 Fix a bunch of spelling errors. 1998-06-04 21:06:07 +00:00
getsid.2 Sort cross references in section SEE ALSO. 1997-09-29 19:11:55 +00:00
getsockname.2 add xrefs for getpeername, so other people that look for it can find it.. :) 1997-03-24 01:22:01 +00:00
getsockopt.2 Merge from Lite2 onto mainline - 1997-03-11 11:35:56 +00:00
gettimeofday.2 Formatting fix & improved comment for struct timeval. 1998-01-11 22:28:56 +00:00
getuid.2 Xref the new issetugid(2) man page where appropriate. 1997-04-01 18:58:38 +00:00
intro.2 PID_MAX is now 99999. 1999-03-10 20:55:23 +00:00
ioctl.2 Add $Id$, remove quoting for `...'. 1998-09-09 01:30:25 +00:00
issetugid.2 Sort cross references in section SEE ALSO. 1997-09-29 19:11:55 +00:00
jail.2 This Implements the mumbled about "Jail" feature. 1999-04-28 11:38:52 +00:00
kill.2 Fixed missing const(s) or #include(s) in synopsis. 1997-04-11 18:47:10 +00:00
kldfind.2 Fixed missing include in synopsis. 1999-04-09 14:31:59 +00:00
kldfirstmod.2 Fixed missing include in synopsis. 1999-04-09 14:31:59 +00:00
kldload.2 Fixed missing include in synopsis. 1999-04-09 14:31:59 +00:00
kldnext.2 Fixed missing include in synopsis. 1999-04-09 14:31:59 +00:00
kldstat.2 Fixed missing include in synopsis. 1999-04-09 14:31:59 +00:00
kldunload.2 Fixed missing include in synopsis. 1999-04-09 14:31:59 +00:00
ktrace.2 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
link.2 Don't use undocumented markup "{}". Use 32767 instead of LINK_MAX to 1999-03-05 10:39:50 +00:00
listen.2 Typo: `kern.somaxconn' -> `kern.ipc.somaxconn' 1999-01-27 05:13:17 +00:00
lseek.2 Backed out lseek changes. 1998-04-19 22:20:32 +00:00
lseek.c Implement compile time thread lock debug. 1998-06-09 08:37:35 +00:00
madvise.2 Spelling nits. 1998-06-06 04:56:13 +00:00
Makefile.inc This Implements the mumbled about "Jail" feature. 1999-04-28 11:38:52 +00:00
mincore.2 Spelling nits. 1998-06-06 04:56:13 +00:00
minherit.2 EACESS -> EACCES 1999-03-15 00:14:57 +00:00
mkdir.2 Added #include <sys/types.h> to synopsis. 1998-01-20 03:52:49 +00:00
mkfifo.2 Added #include <sys/types.h> to synopsis. 1998-01-20 03:52:49 +00:00
mknod.2 Mention that you can only create a block or char special file using 1999-04-28 10:04:48 +00:00
mlock.2 Added cross references to mincore(2) and minherit(2). 1998-01-20 03:59:07 +00:00
mmap.2 Mostly remove the VM_STACK OPTION. 1999-01-26 02:49:52 +00:00
mmap.c Add #include <unistd.h> to get the prototype for __syscall(). 1998-03-09 07:27:58 +00:00
mount.2 Fixed references to unmount(2) specified as umount. 1999-03-05 15:16:31 +00:00
mprotect.2 Convert caddr_t --> void * for sys/mman.h functions. 1997-12-31 01:22:01 +00:00
msync.2 Correct wording on range of addresses examined by `msync(2)'. 1998-07-09 06:16:22 +00:00
munmap.2 Convert caddr_t --> void * for sys/mman.h functions. 1997-12-31 01:22:01 +00:00
nanosleep.2 Nuke signanosleep() 1998-05-14 11:36:16 +00:00
nfssvc.2 Fixed missing #include in synopsis. 1998-01-16 13:41:28 +00:00
open.2 Explain ENXIO error status with respect to fifos. 1999-03-07 18:45:35 +00:00
pathconf.2 Correctly use .Fn instead of .Nm to reference function names 1996-08-22 23:31:07 +00:00
pipe.2 Sort cross references. 1997-01-20 23:23:22 +00:00
poll.2 Fix a bunch of spelling errors. 1998-06-04 21:06:07 +00:00
pread.c Add wrappers for pread and pwrite syscalls. 1999-04-04 21:46:24 +00:00
profil.2 Show the real revision date and not the date that this 1997-06-23 04:03:49 +00:00
ptrace.2 Use the .Tn macro for generic FreeBSD references. Other minor cleanup. 1997-03-21 20:57:20 +00:00
pwrite.c Add wrappers for pread and pwrite syscalls. 1999-04-04 21:46:24 +00:00
quotactl.2 Forgot to add $Id$ and change date in previous commit. 1999-03-05 09:44:59 +00:00
read.2 Document pread() and pwrite(). 1999-04-11 21:14:40 +00:00
readlink.2 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
reboot.2 Correctly use .Fn instead of .Nm to reference function names 1996-08-22 23:31:07 +00:00
recv.2 Document SCM_CREDS changes. 1997-03-21 16:52:05 +00:00
rename.2 Commit out caveat about hardlinks to directories since they are 1998-12-13 23:35:01 +00:00
revoke.2 Backed out most of previous commit to go with backing out support for 1999-01-24 06:43:30 +00:00
rfork.2 Enable Linux threads support by default. 1999-01-26 02:38:12 +00:00
rmdir.2 Remove the EINVAL error from the ERRORS sections that 1997-01-11 23:56:32 +00:00
rtprio.2 .Sh AUTHOR -> .Sh AUTHORS. Use .An/.Aq 1998-03-19 07:34:22 +00:00
sched_get_priority_max.2 Sort cross references. 1998-08-31 16:41:09 +00:00
sched_setparam.2 Sort cross references. 1998-08-31 16:41:09 +00:00
sched_setscheduler.2 Sort cross references. 1998-08-31 16:41:09 +00:00
sched_yield.2 Finish _POSIX_PRIORITY_SCHEDULING. Needs P1003_1B and 1998-03-28 11:51:01 +00:00
select.2 Describe what constitutes an exceptional condition. 1998-08-24 01:09:34 +00:00
semctl.2 Use ellipsis in synopsis. 1998-09-12 01:27:34 +00:00
semget.2 Expanded cross references. 1998-01-02 19:22:52 +00:00
semop.2 Removed unnecessary quoting of function names in synopsis to simplify 1997-03-18 23:57:33 +00:00
send.2 Add a BUGS section and describe a problem I've been having for 1998-05-09 14:45:06 +00:00
sendfile.2 Added info about non-blocking support. 1998-11-06 19:35:58 +00:00
setgroups.2 Correctly use .Fn instead of .Nm to reference function names 1996-08-22 23:31:07 +00:00
setpgid.2 Proper spacing in the Synopsis. 1997-10-16 01:19:15 +00:00
setregid.2 Xref the new issetugid(2) man page where appropriate. 1997-04-01 18:58:38 +00:00
setreuid.2 Xref the new issetugid(2) man page where appropriate. 1997-04-01 18:58:38 +00:00
setsid.2 Removed superfluous quoting of function args. 1997-09-07 04:10:35 +00:00
setuid.2 Fix a bunch of spelling errors. 1998-06-04 21:06:07 +00:00
shmat.2 Removed unnecessary quoting of function names in synopsis to simplify 1997-03-18 23:57:33 +00:00
shmctl.2 Removed superfluous quoting of function args. 1997-09-07 04:10:35 +00:00
shmget.2 Removed unnecessary quoting of function names in synopsis to simplify 1997-03-18 23:57:33 +00:00
shutdown.2 Document the fact that shutdown(2) is expected to comply with Posix.1g, 1998-09-12 21:38:30 +00:00
sigaction.2 Mention which system interface functions are signal-safe. 1998-09-09 20:44:51 +00:00
sigaltstack.2 Updated type of ss_size in struct sigaltstack. 1999-01-01 12:22:11 +00:00
sigpending.2 upgrade STANDARDS from POSIX 1003.1-88 to 1003.1-90 using .St macro 1996-12-02 20:03:58 +00:00
sigprocmask.2 `sigprocmask()' man page references `sigmask()' in synopsis. 1998-04-26 06:19:24 +00:00
sigreturn.2 Update to reflect current include files. 1997-01-30 22:39:40 +00:00
sigstack.2 Correctly use .Fn instead of .Nm to reference function names 1996-08-22 23:31:07 +00:00
sigsuspend.2 Remove reference to signanosleep 1998-05-14 14:39:58 +00:00
socket.2 Expanded cross references. 1998-01-02 19:22:52 +00:00
socketpair.2 Sort cross references. 1997-01-20 23:23:22 +00:00
stat.2 Contains the para 1999-04-10 20:49:27 +00:00
statfs.2 Merge from Lite2 onto mainline - 1997-03-11 11:35:56 +00:00
swapon.2 Sort cross references. 1997-01-20 23:23:22 +00:00
symlink.2 Removed occurrences of consecutive repeated words (such as "the the"). 1999-02-12 02:12:08 +00:00
sync.2 Correctly use .Fn instead of .Nm to reference function names 1996-08-22 23:31:07 +00:00
sysarch.2 oops, forgot to do ``cvs add'' first. 1998-07-28 03:39:04 +00:00
syscall.2 Fixed return type of __syscall() in synopsis. 1997-04-11 18:54:05 +00:00
truncate.2 Remove the EINVAL error from the ERRORS sections that 1997-01-11 23:56:32 +00:00
truncate.c Fixed missing const. Include <unistd.h> so that the function type gets 1997-04-14 15:14:58 +00:00
umask.2 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
undelete.2 Import CSRG 4.4BSD-Lite2 lib/libc onto vendor branch 1997-03-11 11:29:42 +00:00
unlink.2 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
utimes.2 Remove the EINVAL error from the ERRORS sections that 1997-01-11 23:56:32 +00:00
vfork.2 Don't mention exit(3) in explanation; _exit(2) is a better choice. 1998-11-23 03:23:14 +00:00
wait.2 Expanded cross references. 1998-01-02 19:22:52 +00:00
write.2 Document pread() and pwrite(). 1999-04-11 21:14:40 +00:00