Date: Wed, 06 Feb 2013 11:59:06 -0500
From: Fbsd8 <fbsd8@a1poweruser.com>
To: Waitman Gobble <gobble.wa@gmail.com>
Cc: FreeBSD questions <questions@freebsd.org>
Subject: Re: sysctl security.jail.* descriptions
Message-ID: <51128BDA.2080605@a1poweruser.com>
In-Reply-To: <51128593.3080406@a1poweruser.com>
References: <5112706B.8080707@a1poweruser.com> <CAFuo_fz8uB_4Vu671Y=dot=EnF%2BzhO_%2BsR21XX3GKdNooZy2AA@mail.gmail.com> <511273F6.7010801@a1poweruser.com> <CAFuo_fyrvidBaqsT82AmD3b0OzAgno6rxUQzFXPjAZa5eL-ddA@mail.gmail.com> <51128593.3080406@a1poweruser.com>

Fbsd8 wrote:
> Waitman Gobble wrote:
>> On Feb 6, 2013 7:17 AM, "Fbsd8" <fbsd8@a1poweruser.com> wrote:
>>> Waitman Gobble wrote:
>>>> On Feb 6, 2013 7:02 AM, "Fbsd8" <fbsd8@a1poweruser.com> wrote:
>>>>> Where do I find the descriptions of what these jail MIBs do?
>>>>>
>>>>>
>>>>> security.jail.param.allow.mount.zfs: 0
>>>>> security.jail.param.allow.mount.procfs: 0
>>>>> security.jail.param.allow.mount.nullfs: 0
>>>>> security.jail.param.allow.mount.devfs: 0
>>>>> security.jail.param.allow.mount.: 0
>>>>> security.jail.param.allow.socket_af: 0
>>>>> security.jail.param.allow.quotas: 0
>>>>> security.jail.param.allow.chflags: 0
>>>>> security.jail.param.allow.raw_sockets: 0
>>>>> security.jail.param.allow.sysvipc: 0
>>>>> security.jail.param.allow.set_hostname: 0
>>>>> security.jail.param.ip6.saddrsel: 0
>>>>> security.jail.param.ip6.: 0
>>>>> security.jail.param.ip4.saddrsel: 0
>>>>> security.jail.param.ip4.: 0
>>>>> security.jail.param.cpuset.id: 0
>>>>> security.jail.param.host.hostid: 0
>>>>> security.jail.param.host.hostuuid: 64
>>>>> security.jail.param.host.domainname: 256
>>>>> security.jail.param.host.hostname: 256
>>>>> security.jail.param.host.: 0
>>>>> security.jail.param.children.max: 0
>>>>> security.jail.param.children.cur: 0
>>>>> security.jail.param.dying: 0
>>>>> security.jail.param.persist: 0
>>>>> security.jail.param.devfs_ruleset: 0
>>>>> security.jail.param.enforce_statfs: 0
>>>>> security.jail.param.securelevel: 0
>>>>> security.jail.param.path: 1024
>>>>> security.jail.param.name: 256
>>>>> security.jail.param.parent: 0
>>>>> security.jail.param.jid: 0
>>>>> security.jail.devfs_ruleset: 0
>>>>> security.jail.enforce_statfs: 2
>>>>> security.jail.mount_zfs_allowed: 0
>>>>> security.jail.mount_procfs_allowed: 0
>>>>> security.jail.mount_nullfs_allowed: 0
>>>>> security.jail.mount_devfs_allowed: 0
>>>>> security.jail.mount_allowed: 0
>>>>> security.jail.chflags_allowed: 0
>>>>> security.jail.allow_raw_sockets: 0
>>>>> security.jail.sysvipc_allowed: 0
>>>>> security.jail.socket_unixiproute_only: 1
>>>>> security.jail.set_hostname_allowed: 1
>>>>> security.jail.jail_max_af_ips: 255
>>>>> security.jail.jailed: 0
>>>>>
>>>>
>>>> Did you try the man page? Also there are often interesting comments in
>>>> /usr/src
>>>>
>>>> Hope that helps.
>>>>
>>>> Waitman Gobble
>>>> San Jose California
>>>>
>>>>
>>> There are no man pages for any MIBs
>>>
>>
>> Sorry, but I'm not at a computer now to check, but I believe it would be in
>> the «jail» man page. Hopefully that's the right 411.
>>
>> Waitman
>>
>>
>
>
> man jail only talks about these few MIBs
> security.jail.mount_zfs_allowed: 0
> security.jail.mount_procfs_allowed: 0
> security.jail.mount_nullfs_allowed: 0
> security.jail.mount_devfs_allowed: 0
> security.jail.mount_allowed: 0
> security.jail.chflags_allowed: 0
> security.jail.allow_raw_sockets: 0
> security.jail.sysvipc_allowed: 0
> security.jail.socket_unixiproute_only: 1
> security.jail.set_hostname_allowed: 1
> security.jail.jail_max_af_ips: 255
> security.jail.jailed: 0
>
> which are set from the host only.
>
> What about the other security.jail.param.* MIBs
> where are they documented at?
>

Rereading the "man jail" for 9.1 talks about securelevel as a jail parameter. So correct me if I am wrong. All the security.jail.param.* MIBs are set in rc.conf or /etc/jail.conf file on a per jail basis by changing the word "parm" to the jailname?