From: Fbsd8
Date: Thu, 07 Feb 2013 07:55:02 -0500
To: Jamie Gritton
Cc: FreeBSD questions, Waitman Gobble
Subject: Re: sysctl security.jail.* descriptions

Jamie Gritton wrote:
> On 02/06/13 09:59, Fbsd8 wrote:
> > Fbsd8 wrote:
> >> Waitman Gobble wrote:
> >>> On Feb 6, 2013 7:17 AM, "Fbsd8" wrote:
> >>>> Waitman Gobble wrote:
> >>>>> On Feb 6, 2013 7:02 AM, "Fbsd8" wrote:
> >>>>>> Where do I find the descriptions of what these jail MIBs do?
> ...
> >>>>>> security.jail.param.securelevel: 0
> >>>>>> security.jail.param.path: 1024
> >>>>>> security.jail.param.name: 256
> >>>>>> security.jail.param.parent: 0
> >>>>>> security.jail.param.jid: 0
> ...
> >>
> >> What about the other security.jail.param.* MIBs
> >> where are they documented at?
>
> In the jail(8) man page, there's the following tidbit:
>
> | Jails have a set of core parameters, and kernel modules can add their
> | own jail parameters. The current set of available parameters can be
> | retrieved via ``sysctl -d security.jail.param''. Any parameters not
> | set will be given default values, often based on the current
> | environment.
>
> The sysctls do not themselves have values. Their useful parts are the
> associated types and descriptions (as well as their very existence). The
> descriptions are good for the above-mentioned "sysctl -d", and the types
> are used by jail(8) to know how to set a particular parameter.
>
>> Rereading the "man jail" for 9.1 talks about securelevel as a jail
>> parameter. So correct me if I am wrong. All the
>> security.jail.param.* MIBs are set in rc.conf or /etc/jail.conf file
>> on a per jail basis by changing the word "parm" to the jailname?
>
> There's not always a direct connection between the jail parameters and
> the current rc.conf values. The jail parameters are what you'd use in a
> jail.conf(5) file, or in the "jail_jailname_parameters" rc variable.
>
> - Jamie
>

Yes, I read man jail and issued the "sysctl -d" to get the list of MIBs I posted. So I am still left with no explanation of HOW to code these new jail MIBs in 9.X to enable them on a per jail basis. Any thoughts on how to do that?
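
The mapping described in the quoted reply (a `security.jail.param.NAME` sysctl only advertises that `NAME` is a valid jail parameter, which is then set per jail in jail.conf(5)), sketched as an added example that is not part of the original thread. The sample listing, its description text, the jail name `www`, the path `/usr/jails/www` and the helper function names are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `sysctl -d security.jail.param` output. The MIB names
# are the ones posted in the thread; the description text is illustrative.
SAMPLE_SYSCTL_D='security.jail.param.securelevel: Jail secure level
security.jail.param.path: Jail root path
security.jail.param.name: Jail name
security.jail.param.parent: Jail parent ID
security.jail.param.jid: Jail ID'

# Print the parameter names: each MIB name minus the security.jail.param. prefix.
list_params() {
    printf '%s\n' "$1" | sed -n 's/^security\.jail\.param\.\([^:]*\):.*/\1/p'
}

# Succeed only if parameter $2 appears in listing $1 (exact, whole-line match).
param_known() {
    list_params "$1" | grep -Fqx -- "$2"
}

# render_stanza LISTING JAILNAME param=value ...
# Prints a jail.conf(5) stanza for JAILNAME. A parameter with no matching MIB
# is rejected, since the kernel would not know it either.
render_stanza() {
    listing=$1 jail=$2
    shift 2
    body=
    for kv in "$@"; do
        key=${kv%%=*} val=${kv#*=}
        key=${key#security.jail.param.}   # accept the full MIB spelling too
        if ! param_known "$listing" "$key"; then
            echo "unknown jail parameter: $key" >&2
            return 1
        fi
        body="$body    $key = \"$val\";
"
    done
    printf '%s {\n%s}\n' "$jail" "$body"
}

# Hypothetical jail "www" with a raised securelevel and its own root path.
render_stanza "$SAMPLE_SYSCTL_D" www securelevel=2 path=/usr/jails/www
```

On a FreeBSD host the listing would come from `sysctl -d security.jail.param` instead of the embedded sample, and the same `name=value` pairs can be given directly on the jail(8) command line.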