sysctl security.jail.* descriptions
jamie at FreeBSD.org
Thu Feb 7 13:39:44 UTC 2013
On 02/07/13 05:55, Fbsd8 wrote:
> Jamie Gritton wrote:
>> On 02/06/13 09:59, Fbsd8 wrote:
>> > Fbsd8 wrote:
>> >> Waitman Gobble wrote:
>> >>> On Feb 6, 2013 7:17 AM, "Fbsd8" <fbsd8 at a1poweruser.com> wrote:
>> >>>> Waitman Gobble wrote:
>> >>>>> On Feb 6, 2013 7:02 AM, "Fbsd8" <fbsd8 at a1poweruser.com> wrote:
>> >>>>>> Where do I find the descriptions of what these jail MIBs do?
>> >>>>>> security.jail.param.securelevel: 0
>> >>>>>> security.jail.param.path: 1024
>> >>>>>> security.jail.param.name: 256
>> >>>>>> security.jail.param.parent: 0
>> >>>>>> security.jail.param.jid: 0
>> >> What about the other security.jail.param.* MIBs
>> >> where are they documented at?
>> In the jail(8) main page, there's the following tidbit:
>> | Jails have a set a core parameters, and kernel modules can add their
>> | own jail parameters. The current set of available parameters can be
>> | retrieved via ``sysctl -d security.jail.param''. Any parameters not
>> | set will be given default values, often based on the current
>> | environment.
>> The sysctls do not themselves have values. Their useful parts are the
>> associated types and descriptions (as well as their very existence). The
>> descriptions are good for the above-mentioned "sysctl -d", and the types
>> are used by jail(8) to know how to set a particular parameter.
>>> Rereading the "man jail" for 9.1 talks about securelevel as a jail
>>> parammeter. So correct me if I an wrong. All the
>>> security.jail.param.* MIBs are set in rc.conf or /etc/jail.conf file
>>> on a per jail bases by changing the word "parm" to the jailname?
>> There's not always a direct connection between the jail parameters and
>> the current rc.conf values. The jail parameters are what you'd use in a
>> jail.conf(5) file, or in the "jail_jailname_parameters" rc variable.
>> - Jamie
> Yes I read man jail and issued the "sysctl -d" to get the list of MIBs I
> posted. So I am still left with no explanation of HOW to code these new
> jail MIBs in 9.X to enable them on a per jail bases.
> Any thoughts on how to do that?
Well the jail(8) man page is all about setting these parameters. You
might also want to take a look at jail.conf(5) which I mentioned. But
don't think of them as MIBs anymore - the "-d" is the only thing you'll
have to do directly with the sysctls.
More information about the freebsd-questions