From owner-svn-src-projects@FreeBSD.ORG Wed Oct 20 21:19:37 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 439011065674; Wed, 20 Oct 2010 21:19:37 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 180BE8FC1F; Wed, 20 Oct 2010 21:19:37 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o9KLJaXM069217; Wed, 20 Oct 2010 21:19:36 GMT (envelope-from jamie@svn.freebsd.org) Received: (from jamie@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o9KLJaZi069215; Wed, 20 Oct 2010 21:19:36 GMT (envelope-from jamie@svn.freebsd.org) Message-Id: <201010202119.o9KLJaZi069215@svn.freebsd.org> From: Jamie Gritton Date: Wed, 20 Oct 2010 21:19:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r214121 - projects/jailconf/lib/libc/sys X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Oct 2010 21:19:37 -0000 Author: jamie Date: Wed Oct 20 21:19:36 2010 New Revision: 214121 URL: http://svn.freebsd.org/changeset/base/214121 Log: Remove a section that went to jail(8), and fix a small grammar error. Modified: projects/jailconf/lib/libc/sys/jail.2 Modified: projects/jailconf/lib/libc/sys/jail.2 ============================================================================== --- projects/jailconf/lib/libc/sys/jail.2 Wed Oct 20 21:18:21 2010 (r214120) +++ projects/jailconf/lib/libc/sys/jail.2 Wed Oct 20 21:19:36 2010 (r214121) @@ -247,44 +247,6 @@ They return \-1 on failure, and set to indicate the error. .Pp .Rv -std jail_attach jail_remove -.Sh PRISON? -Once a process has been put in a prison, it and its descendants cannot escape -the prison. -.Pp -Inside the prison, the concept of -.Dq superuser -is very diluted. -In general, -it can be assumed that nothing can be mangled from inside a prison which -does not exist entirely inside that prison. -For instance the directory -tree below -.Dq Li path -can be manipulated all the ways a root can normally do it, including -.Dq Li "rm -rf /*" -but new device special nodes cannot be created because they reference -shared resources (the device drivers in the kernel). -The effective -.Dq securelevel -for a process is the greater of the global -.Dq securelevel -or, if present, the per-jail -.Dq securelevel . -.Pp -All IP activity will be forced to happen to/from the IP number specified, -which should be an alias on one of the network interfaces. -All connections to/from the loopback address -.Pf ( Li 127.0.0.1 -for IPv4, -.Li ::1 -for IPv6) will be changed to be to/from the primary address -of the jail for the given address family. -.Pp -It is possible to identify a process as jailed by examining -.Dq Li /proc//status : -it will show a field near the end of the line, either as -a single hyphen for a process at large, or the name currently -set for the prison for jailed processes. .Sh ERRORS The .Fn jail @@ -413,7 +375,7 @@ and .Fn jail_attach call .Xr chroot 2 -internally, so it can fail for all the same reasons. +internally, so they can fail for all the same reasons. Please consult the .Xr chroot 2 manual page for details.