Date: Thu, 07 Feb 2013 07:55:02 -0500 From: Fbsd8 <fbsd8@a1poweruser.com> To: Jamie Gritton <jamie@FreeBSD.org> Cc: FreeBSD questions <questions@FreeBSD.org>, Waitman Gobble <gobble.wa@gmail.com> Subject: Re: sysctl security.jail.* descriptions Message-ID: <5113A426.8080207@a1poweruser.com> In-Reply-To: <51131C8C.10605@FreeBSD.org> References: <5112706B.8080707@a1poweruser.com> <CAFuo_fz8uB_4Vu671Y=dot=EnF%2BzhO_%2BsR21XX3GKdNooZy2AA@mail.gmail.com> <511273F6.7010801@a1poweruser.com> <CAFuo_fyrvidBaqsT82AmD3b0OzAgno6rxUQzFXPjAZa5eL-ddA@mail.gmail.com> <51128593.3080406@a1poweruser.com> <51128BDA.2080605@a1poweruser.com> <51131C8C.10605@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jamie Gritton wrote: > On 02/06/13 09:59, Fbsd8 wrote: > > Fbsd8 wrote: > >> Waitman Gobble wrote: > >>> On Feb 6, 2013 7:17 AM, "Fbsd8" <fbsd8@a1poweruser.com> wrote: > >>>> Waitman Gobble wrote: > >>>>> On Feb 6, 2013 7:02 AM, "Fbsd8" <fbsd8@a1poweruser.com> wrote: > >>>>>> Where do I find the descriptions of what these jail MIBs do? > ... > >>>>>> security.jail.param.securelevel: 0 > >>>>>> security.jail.param.path: 1024 > >>>>>> security.jail.param.name: 256 > >>>>>> security.jail.param.parent: 0 > >>>>>> security.jail.param.jid: 0 > ... > >> > >> What about the other security.jail.param.* MIBs > >> where are they documented at? > > In the jail(8) main page, there's the following tidbit: > > | Jails have a set a core parameters, and kernel modules can add their > | own jail parameters. The current set of available parameters can be > | retrieved via ``sysctl -d security.jail.param''. Any parameters not > | set will be given default values, often based on the current > | environment. > > The sysctls do not themselves have values. Their useful parts are the > associated types and descriptions (as well as their very existence). The > descriptions are good for the above-mentioned "sysctl -d", and the types > are used by jail(8) to know how to set a particular parameter. > >> Rereading the "man jail" for 9.1 talks about securelevel as a jail >> parammeter. So correct me if I an wrong. All the >> security.jail.param.* MIBs are set in rc.conf or /etc/jail.conf file >> on a per jail bases by changing the word "parm" to the jailname? > > There's not always a direct connection between the jail parameters and > the current rc.conf values. The jail parameters are what you'd use in a > jail.conf(5) file, or in the "jail_jailname_parameters" rc variable. > > - Jamie > Yes I read man jail and issued the "sysctl -d" to get the list of MIBs I posted. So I am still left with no explanation of HOW to code these new jail MIBs in 9.X to enable them on a per jail bases. Any thoughts on how to do that?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5113A426.8080207>