From: Jamie Gritton
Date: Thu, 07 Feb 2013 06:39:39 -0700
To: Fbsd8
Cc: FreeBSD questions, Waitman Gobble
Subject: Re: sysctl security.jail.* descriptions
Message-ID: <5113AE9B.4030201@FreeBSD.org>

On 02/07/13 05:55, Fbsd8 wrote:
> Jamie Gritton wrote:
>> On 02/06/13 09:59, Fbsd8 wrote:
>> > Fbsd8 wrote:
>> >> Waitman Gobble wrote:
>> >>> On Feb 6, 2013 7:17 AM, "Fbsd8" wrote:
>> >>>> Waitman Gobble wrote:
>> >>>>> On Feb 6, 2013 7:02 AM, "Fbsd8" wrote:
>> >>>>>> Where do I find the descriptions of what these jail MIBs do?
>> ...
>> >>>>>> security.jail.param.securelevel: 0
>> >>>>>> security.jail.param.path: 1024
>> >>>>>> security.jail.param.name: 256
>> >>>>>> security.jail.param.parent: 0
>> >>>>>> security.jail.param.jid: 0
>> ...
>> >>
>> >> What about the other security.jail.param.* MIBs
>> >> where are they documented at?
>>
>> In the jail(8) man page, there's the following tidbit:
>>
>> | Jails have a set of core parameters, and kernel modules can add their
>> | own jail parameters. The current set of available parameters can be
>> | retrieved via ``sysctl -d security.jail.param''. Any parameters not
>> | set will be given default values, often based on the current
>> | environment.
>>
>> The sysctls do not themselves have values. Their useful parts are the
>> associated types and descriptions (as well as their very existence). The
>> descriptions are good for the above-mentioned "sysctl -d", and the types
>> are used by jail(8) to know how to set a particular parameter.
>>
>>> Rereading the "man jail" for 9.1 talks about securelevel as a jail
>>> parameter. So correct me if I am wrong. All the
>>> security.jail.param.* MIBs are set in rc.conf or /etc/jail.conf file
>>> on a per jail basis by changing the word "parm" to the jailname?
>>
>> There's not always a direct connection between the jail parameters and
>> the current rc.conf values. The jail parameters are what you'd use in a
>> jail.conf(5) file, or in the "jail_jailname_parameters" rc variable.
>>
>> - Jamie
>>
>
> Yes I read man jail and issued the "sysctl -d" to get the list of MIBs I
> posted. So I am still left with no explanation of HOW to code these new
> jail MIBs in 9.X to enable them on a per jail basis.
>
> Any thoughts on how to do that?

Well the jail(8) man page is all about setting these parameters. You
might also want to take a look at jail.conf(5) which I mentioned. But
don't think of them as MIBs anymore - the "-d" is the only thing you'll
have to do directly with the sysctls.

- Jamie
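
The reply above points to jail.conf(5) as the place to set these parameters. The following jail.conf sketch is an added illustration, not part of the original thread: each name listed under `security.jail.param.` is used without that prefix as the parameter name. The jail name `testjail`, the path, hostname and address are constructed placeholders, and the parameters other than securelevel, path and name come from jail(8) rather than from the thread.

```conf
# /etc/jail.conf
# Added example; jail name, path, hostname and address are placeholders.

# Pseudo-parameters handled by jail(8) itself. These have no
# security.jail.param.* sysctl behind them.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
mount.devfs;

# security.jail.param.name -> the block label is the jail name
testjail {
    # security.jail.param.path
    path = "/usr/jails/testjail";

    # security.jail.param.host.hostname
    host.hostname = "testjail.example.org";

    # security.jail.param.ip4.addr
    ip4.addr = 192.0.2.10;

    # security.jail.param.securelevel: the jail's kern.securelevel.
    # It can be raised above the host's value but never set below it.
    securelevel = 2;

    # security.jail.param.children.max: 0 forbids nested jails.
    children.max = 0;

    # security.jail.param.enforce_statfs: 2 (the default) limits
    # mount-point visibility to the one holding the jail's root.
    enforce_statfs = 2;

    # jid is normally left for the kernel to assign, and parent is
    # reported by the kernel rather than set here.
}
```

With this file in place, `jail -c testjail` creates the jail and `jls -j testjail securelevel` reports the value in effect.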