vnet jails and rc-scripts

Jamie Gritton jamie at FreeBSD.org
Wed Feb 27 04:44:56 UTC 2013


On 02/26/13 01:56, Andreas Nilsson wrote:

> However I still don't get the purpose of the security.jail.param.*. Are they
> to be set in loader.conf/sysctl.conf to influence default config of jails,
> or are they supposed to be per-jail (from inside jail) carriers of config?
> The PR seems to indicate it's not really clear.
>
> Also, man jail says:
> "The current set of available parameters can be
> retrieved via ``sysctl -d security.jail.param''.  Any parameters not set
> will be given default values, often based on the current environment.
> The core parameters are:"
> and then lists some. For example jid. I take that to mean that the value
> of security.jail.param.jid from inside jail should return the jid of the
> jail. I just get 0. And security.jail.param.path is 1024, which is not at
> all the path of the jail... There seems to be quite a discrepancy between
> manpage and implementation.

The bit that the man page says is in fact the entire (user-visible) use
for those sysctls: they're just there to show what parameters are
available, and what types they are. Actually, they also show jail(8) the
same thing, and that's how it knows what parameters exist.

But the parameters don't actually have any useful values. Only their
types, sizes and descriptions are valid.

- Jamie

