sysctl security.jail.* descriptions
Jamie Gritton
jamie at FreeBSD.org
Thu Feb 7 03:20:47 UTC 2013
On 02/06/13 09:59, Fbsd8 wrote:
> Fbsd8 wrote:
>> Waitman Gobble wrote:
>>> On Feb 6, 2013 7:17 AM, "Fbsd8" <fbsd8 at a1poweruser.com> wrote:
>>>> Waitman Gobble wrote:
>>>>> On Feb 6, 2013 7:02 AM, "Fbsd8" <fbsd8 at a1poweruser.com> wrote:
>>>>>> Where do I find the descriptions of what these jail MIBs do?
...
>>>>>> security.jail.param.securelevel: 0
>>>>>> security.jail.param.path: 1024
>>>>>> security.jail.param.name: 256
>>>>>> security.jail.param.parent: 0
>>>>>> security.jail.param.jid: 0
...
>>
>> What about the other security.jail.param.* MIBs
>> where are they documented at?
In the jail(8) main page, there's the following tidbit:
| Jails have a set a core parameters, and kernel modules can add their
| own jail parameters. The current set of available parameters can be
| retrieved via ``sysctl -d security.jail.param''. Any parameters not
| set will be given default values, often based on the current
| environment.
The sysctls do not themselves have values. Their useful parts are the
associated types and descriptions (as well as their very existence). The
descriptions are good for the above-mentioned "sysctl -d", and the types
are used by jail(8) to know how to set a particular parameter.
> Rereading the "man jail" for 9.1 talks about securelevel as a jail
> parammeter. So correct me if I an wrong. All the
> security.jail.param.* MIBs are set in rc.conf or /etc/jail.conf file
> on a per jail bases by changing the word "parm" to the jailname?
There's not always a direct connection between the jail parameters and
the current rc.conf values. The jail parameters are what you'd use in a
jail.conf(5) file, or in the "jail_jailname_parameters" rc variable.
- Jamie
More information about the freebsd-questions
mailing list