From owner-freebsd-jail@FreeBSD.ORG Wed Feb 27 04:44:56 2013
Message-ID: <512D8F3C.4000000@FreeBSD.org>
Date: Tue, 26 Feb 2013 21:44:44 -0700
From: Jamie Gritton
To: Andreas Nilsson
Cc: freebsd-jail
Subject: Re: vnet jails and rc-scripts
References: <13CA24D6AB415D428143D44749F57D7201EADE8B@ltcfiswmsgmb21>

On 02/26/13 01:56, Andreas Nilsson wrote:
> However I still don't get the purpose of the security.jail.param.*. Are they
> to be set in loader.conf/sysctl.conf to influence default config of jails,
> or are they supposed to be per-jail (from inside jail) carriers of config?
> The PR seems to indicate it's not really clear.
>
> Also, man jail says:
> "The current set of available parameters can be
> retrieved via ``sysctl -d security.jail.param''. Any parameters not set
> will be given default values, often based on the current environment.
> The core parameters are:
> "
> and then lists some. For example jid. I take that to mean that the value
> of security.jail.param.jid from inside jail should return the jid of the
> jail. I just get 0. And security.jail.param.path is 1024, which is not at
> all the path of the jail... There seems to be quite a discrepancy between
> manpage and implementation.

The bit that the man page says is in fact the entire (user-visible) use
for those sysctls: they're just there to show what parameters are
available, and what types they are. Actually, they also show jail(8)
the same thing, and that's how it knows what parameters exist. But the
parameters don't actually have any useful values. Only their types,
sizes and descriptions are valid.

- Jamie