From owner-freebsd-questions@FreeBSD.ORG  Wed Feb  6 16:32:22 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id B4130FBC
 for <questions@freebsd.org>; Wed,  6 Feb 2013 16:32:22 +0000 (UTC)
 (envelope-from fbsd8@a1poweruser.com)
Received: from mail-03.name-services.com (mail-03.name-services.com
 [69.64.155.195]) by mx1.freebsd.org (Postfix) with ESMTP id 7679D79E
 for <questions@freebsd.org>; Wed,  6 Feb 2013 16:32:22 +0000 (UTC)
Received: from [10.0.10.3] ([173.88.197.103]) by mail-03.name-services.com
 with Microsoft SMTPSVC(6.0.3790.4675); 
 Wed, 6 Feb 2013 08:32:22 -0800
Message-ID: <51128593.3080406@a1poweruser.com>
Date: Wed, 06 Feb 2013 11:32:19 -0500
From: Fbsd8 <fbsd8@a1poweruser.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Waitman Gobble <gobble.wa@gmail.com>
Subject: Re: sysctl security.jail.* descriptions
References: <5112706B.8080707@a1poweruser.com>
 <CAFuo_fz8uB_4Vu671Y=dot=EnF+zhO_+sR21XX3GKdNooZy2AA@mail.gmail.com>
 <511273F6.7010801@a1poweruser.com>
 <CAFuo_fyrvidBaqsT82AmD3b0OzAgno6rxUQzFXPjAZa5eL-ddA@mail.gmail.com>
In-Reply-To: <CAFuo_fyrvidBaqsT82AmD3b0OzAgno6rxUQzFXPjAZa5eL-ddA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-OriginalArrivalTime: 06 Feb 2013 16:32:22.0965 (UTC)
 FILETIME=[8A6A6E50:01CE0487]
X-Sender: fbsd8@a1poweruser.com
X-Authenticated-Sender: fbsd8@a1poweruser.com
X-EchoSenderHash: [fbsd8]-[a1poweruser*com]
Cc: FreeBSD questions <questions@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 16:32:22 -0000

Waitman Gobble wrote:
> On Feb 6, 2013 7:17 AM, "Fbsd8" <fbsd8@a1poweruser.com> wrote:
>> Waitman Gobble wrote:
>>> On Feb 6, 2013 7:02 AM, "Fbsd8" <fbsd8@a1poweruser.com> wrote:
>>>> Where do I find the descriptions of what these jail MIBs do?
>>>>
>>>>
>>>> security.jail.param.allow.mount.zfs: 0
>>>> security.jail.param.allow.mount.procfs: 0
>>>> security.jail.param.allow.mount.nullfs: 0
>>>> security.jail.param.allow.mount.devfs: 0
>>>> security.jail.param.allow.mount.: 0
>>>> security.jail.param.allow.socket_af: 0
>>>> security.jail.param.allow.quotas: 0
>>>> security.jail.param.allow.chflags: 0
>>>> security.jail.param.allow.raw_sockets: 0
>>>> security.jail.param.allow.sysvipc: 0
>>>> security.jail.param.allow.set_hostname: 0
>>>> security.jail.param.ip6.saddrsel: 0
>>>> security.jail.param.ip6.: 0
>>>> security.jail.param.ip4.saddrsel: 0
>>>> security.jail.param.ip4.: 0
>>>> security.jail.param.cpuset.id: 0
>>>> security.jail.param.host.hostid: 0
>>>> security.jail.param.host.hostuuid: 64
>>>> security.jail.param.host.domainname: 256
>>>> security.jail.param.host.hostname: 256
>>>> security.jail.param.host.: 0
>>>> security.jail.param.children.max: 0
>>>> security.jail.param.children.cur: 0
>>>> security.jail.param.dying: 0
>>>> security.jail.param.persist: 0
>>>> security.jail.param.devfs_ruleset: 0
>>>> security.jail.param.enforce_statfs: 0
>>>> security.jail.param.securelevel: 0
>>>> security.jail.param.path: 1024
>>>> security.jail.param.name: 256
>>>> security.jail.param.parent: 0
>>>> security.jail.param.jid: 0
>>>> security.jail.devfs_ruleset: 0
>>>> security.jail.enforce_statfs: 2
>>>> security.jail.mount_zfs_allowed: 0
>>>> security.jail.mount_procfs_allowed: 0
>>>> security.jail.mount_nullfs_allowed: 0
>>>> security.jail.mount_devfs_allowed: 0
>>>> security.jail.mount_allowed: 0
>>>> security.jail.chflags_allowed: 0
>>>> security.jail.allow_raw_sockets: 0
>>>> security.jail.sysvipc_allowed: 0
>>>> security.jail.socket_unixiproute_only: 1
>>>> security.jail.set_hostname_allowed: 1
>>>> security.jail.jail_max_af_ips: 255
>>>> security.jail.jailed: 0
>>>>
>>>
>>> Did you try the man page? Also there is often interesting comments in
>>> /usr/src
>>>
>>> Hope that helps.
>>>
>>> Waitman Gobble
>>> San Jose California
>>>
>>>
>> There are no man pages for any MIBs
>>
> 
> Sorry, but im not at a computer now to check, but I believe it would be in
> the «jail» man page. Hopefully that's the right 411.
> 
> Waitman
> 
> 


man jail only talks about these few MIBs security.jail.mount_zfs_allowed: 0
security.jail.mount_procfs_allowed: 0
security.jail.mount_nullfs_allowed: 0
security.jail.mount_devfs_allowed: 0
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 0
security.jail.sysvipc_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0

which are set from the host only.

What about the other security.jail.param.* MIBs
where are they documented at?