sysctl security.jail.* descriptions

Jamie Gritton jamie at
Thu Feb 7 03:20:47 UTC 2013

On 02/06/13 09:59, Fbsd8 wrote:
 > Fbsd8 wrote:
 >> Waitman Gobble wrote:
 >>> On Feb 6, 2013 7:17 AM, "Fbsd8" <fbsd8 at> wrote:
 >>>> Waitman Gobble wrote:
 >>>>> On Feb 6, 2013 7:02 AM, "Fbsd8" <fbsd8 at> wrote:
 >>>>>> Where do I find the descriptions of what these jail MIBs do?
 >>>>>> security.jail.param.securelevel: 0
 >>>>>> security.jail.param.path: 1024
 >>>>>> 256
 >>>>>> security.jail.param.parent: 0
 >>>>>> security.jail.param.jid: 0
 >> What about the other security.jail.param.* MIBs
 >> where are they documented at?

In the jail(8) main page, there's the following tidbit:

| Jails have a set a core parameters, and kernel modules can add their
| own jail parameters. The current set of available parameters can be
| retrieved via ``sysctl -d security.jail.param''. Any parameters not
| set will be given default values, often based on the current
| environment.

The sysctls do not themselves have values. Their useful parts are the
associated types and descriptions (as well as their very existence). The
descriptions are good for the above-mentioned "sysctl -d", and the types
are used by jail(8) to know how to set a particular parameter.

> Rereading the "man jail" for 9.1 talks about securelevel as a jail
> parammeter. So correct me if I an wrong. All the
> security.jail.param.* MIBs are set in rc.conf or /etc/jail.conf file
> on a per jail bases by changing the word "parm" to the jailname?

There's not always a direct connection between the jail parameters and
the current rc.conf values. The jail parameters are what you'd use in a
jail.conf(5) file, or in the "jail_jailname_parameters" rc variable.

- Jamie

More information about the freebsd-questions mailing list