sysctl security.jail.* descriptions

Fbsd8 fbsd8 at a1poweruser.com
Wed Feb 6 16:59:08 UTC 2013


Fbsd8 wrote:
> Waitman Gobble wrote:
>> On Feb 6, 2013 7:17 AM, "Fbsd8" <fbsd8 at a1poweruser.com> wrote:
>>> Waitman Gobble wrote:
>>>> On Feb 6, 2013 7:02 AM, "Fbsd8" <fbsd8 at a1poweruser.com> wrote:
>>>>> Where do I find the descriptions of what these jail MIBs do?
>>>>>
>>>>>
>>>>> security.jail.param.allow.mount.zfs: 0
>>>>> security.jail.param.allow.mount.procfs: 0
>>>>> security.jail.param.allow.mount.nullfs: 0
>>>>> security.jail.param.allow.mount.devfs: 0
>>>>> security.jail.param.allow.mount.: 0
>>>>> security.jail.param.allow.socket_af: 0
>>>>> security.jail.param.allow.quotas: 0
>>>>> security.jail.param.allow.chflags: 0
>>>>> security.jail.param.allow.raw_sockets: 0
>>>>> security.jail.param.allow.sysvipc: 0
>>>>> security.jail.param.allow.set_hostname: 0
>>>>> security.jail.param.ip6.saddrsel: 0
>>>>> security.jail.param.ip6.: 0
>>>>> security.jail.param.ip4.saddrsel: 0
>>>>> security.jail.param.ip4.: 0
>>>>> security.jail.param.cpuset.id: 0
>>>>> security.jail.param.host.hostid: 0
>>>>> security.jail.param.host.hostuuid: 64
>>>>> security.jail.param.host.domainname: 256
>>>>> security.jail.param.host.hostname: 256
>>>>> security.jail.param.host.: 0
>>>>> security.jail.param.children.max: 0
>>>>> security.jail.param.children.cur: 0
>>>>> security.jail.param.dying: 0
>>>>> security.jail.param.persist: 0
>>>>> security.jail.param.devfs_ruleset: 0
>>>>> security.jail.param.enforce_statfs: 0
>>>>> security.jail.param.securelevel: 0
>>>>> security.jail.param.path: 1024
>>>>> security.jail.param.name: 256
>>>>> security.jail.param.parent: 0
>>>>> security.jail.param.jid: 0
>>>>> security.jail.devfs_ruleset: 0
>>>>> security.jail.enforce_statfs: 2
>>>>> security.jail.mount_zfs_allowed: 0
>>>>> security.jail.mount_procfs_allowed: 0
>>>>> security.jail.mount_nullfs_allowed: 0
>>>>> security.jail.mount_devfs_allowed: 0
>>>>> security.jail.mount_allowed: 0
>>>>> security.jail.chflags_allowed: 0
>>>>> security.jail.allow_raw_sockets: 0
>>>>> security.jail.sysvipc_allowed: 0
>>>>> security.jail.socket_unixiproute_only: 1
>>>>> security.jail.set_hostname_allowed: 1
>>>>> security.jail.jail_max_af_ips: 255
>>>>> security.jail.jailed: 0
>>>>>
>>>>
>>>> Did you try the man page? Also there are often interesting comments in
>>>> /usr/src
>>>>
>>>> Hope that helps.
>>>>
>>>> Waitman Gobble
>>>> San Jose California
>>>>
>>>>
>>> There are no man pages for any MIBs
>>>
>>
>> Sorry, but I'm not at a computer now to check, but I believe it would
>> be in the «jail» man page. Hopefully that's the right 411.
>>
>> Waitman
>>
>>
> 
> 
> man jail only talks about these few MIBs
> security.jail.mount_zfs_allowed: 0
> security.jail.mount_procfs_allowed: 0
> security.jail.mount_nullfs_allowed: 0
> security.jail.mount_devfs_allowed: 0
> security.jail.mount_allowed: 0
> security.jail.chflags_allowed: 0
> security.jail.allow_raw_sockets: 0
> security.jail.sysvipc_allowed: 0
> security.jail.socket_unixiproute_only: 1
> security.jail.set_hostname_allowed: 1
> security.jail.jail_max_af_ips: 255
> security.jail.jailed: 0
> 
> which are set from the host only.
> 
> What about the other security.jail.param.* MIBs
> where are they documented at?
> 

Rereading "man jail" for 9.1, it talks about securelevel as a jail
parameter. So correct me if I am wrong. All the security.jail.param.*
MIBs are set in rc.conf or /etc/jail.conf file on a per jail basis by
changing the word "param" to the jailname?

