FreeBSD Manual Pages
JAIL(2) System Calls Manual JAIL(2) NAME jail, jail_get, jail_set, jail_remove, jail_attach, jail_remove_jd, jail_attach_jd -- create and manage system jails LIBRARY Standard C Library (libc, -lc) SYNOPSIS #include <sys/param.h> #include <sys/jail.h> int jail(struct jail *jail); int jail_attach(int jid); int jail_remove(int jid); int jail_attach_jd(int fd); int jail_remove_jd(int fd); #include <sys/uio.h> int jail_get(struct iovec *iov, u_int niov, int flags); int jail_set(struct iovec *iov, u_int niov, int flags); DESCRIPTION The jail() system call sets up a jail and locks the current process in it. The argument is a pointer to a structure describing the prison: struct jail { uint32_t version; char *path; char *hostname; char *jailname; unsigned int ip4s; unsigned int ip6s; struct in_addr *ip4; struct in6_addr *ip6; }; "version" defines the version of the API in use. JAIL_API_VERSION is defined for the current version. The "path" pointer should be set to the directory which is to be the root of the prison. The "hostname" pointer can be set to the hostname of the prison. This can be changed from the inside of the prison. The "jailname" pointer is an optional name that can be assigned to the jail for example for management purposes. The "ip4s" and "ip6s" give the numbers of IPv4 and IPv6 addresses that will be passed via their respective pointers. The "ip4" and "ip6" pointers can be set to an arrays of IPv4 and IPv6 addresses to be assigned to the prison, or NULL if none. IPv4 ad- dresses must be in network byte order. This is equivalent to, and deprecated in favor of, the jail_set() sys- tem call (see below), with the parameters path, host.hostname, name, ip4.addr, and ip6.addr, and with the JAIL_ATTACH flag. The jail_set() system call creates a new jail, or modifies an existing one, and optionally locks the current process in it. Jail parameters are passed as an array of name-value pairs in the array iov, containing niov elements. Parameter names are a null-terminated string, and val- ues may be strings, integers, or other arbitrary data. Some parameters are boolean, and do not have a value (their length is zero) but are set by the name alone with or without a "no" prefix, e.g. persist or nopersist. Any parameters not set will be given default values, gener- ally based on the current environment. Jails have a set of core parameters, and modules can add their own jail parameters. The current set of available parameters, and their for- mats, can be retrieved via the security.jail.param sysctl MIB entry. Notable parameters include those mentioned in the jail() description above, as well as jid and name, which identify the jail being created or modified. See jail(8) for more information on the core jail parame- ters. The flags arguments consists of one or more of the following flags: JAIL_CREATE Create a new jail. If a jid or name parameters exists, they must not refer to an existing jail. JAIL_UPDATE Modify an existing jail. One of the jid or name parameters must exist, and must refer to an existing jail. If both JAIL_CREATE and JAIL_UPDATE are set, a jail will be created if it does not yet exist, and modified if it does exist. JAIL_ATTACH In addition to creating or modifying the jail, attach the cur- rent process to it, as with the jail_attach() system call. JAIL_DYING This is deprecated in jail_set() and has no effect. JAIL_USE_DESC Identify the jail by a descriptor in the desc parameter. JAIL_AT_DESC Operate in the context of the jail described by the desc para- meter, instead of the current jail. Only one of JAIL_USE_DESC or JAIL_AT_DESC may be specified. JAIL_GET_DESC Return a new jail descriptor for the jail in the desc parame- ter. JAIL_OWN_DESC Return an "owning" jail descriptor in the desc parameter. The jail_get() system call retrieves jail parameters, using the same name-value list as jail_set() in the iov and niov arguments. The jail to read can be specified by either jid or name by including those para- meters in the list. If they are included but are not intended to be the search key, they should be cleared (zero and the empty string re- spectively). The special parameter lastjid can be used to retrieve a list of all jails. It will fetch the jail with the jid above and closest to the passed value. The first jail (usually but not always jid 1) can be found by passing a lastjid of zero. The flags arguments consists of one or more following flags: JAIL_DYING Allow getting a jail that is in the process of being removed. JAIL_USE_DESC, JAIL_AT_DESC, JAIL_GET_DESC, JAIL_OWN_DESC These have the same meaning as they do in jail_set(). The jail_attach() system call attaches the current process to an exist- ing jail, identified by jid. It changes the process's root and current directories to the jail's path directory. The jail_remove() system call removes the jail identified by jid. It will kill all processes belonging to the jail, and remove any children of that jail. The jail_attach_fd() and jail_remove_fd() system calls work the same as jail_attach() and jail_remove(), except that they operate on the jail identified by jail descriptor fd. Jail Descriptors In addition to the jail ID, jails can be referred to using a jail de- scriptor, a type of file descriptor tied to a particular jail. Jail descriptors are created by calling jail_set() or jail_get() with the special parameter desc, and either the JAIL_GET_DESC or JAIL_OWN_DESC flags set. The difference between the two flags is that descriptors created with JAIL_OWN_DESC (called "owning" descriptors) will automati- cally remove the jail when the descriptor is closed. Jail descriptors can be passed back to jail_set() or with the desc pa- rameter, and either the JAIL_USE_DESC or JAIL_AT_DESC flags set. With JAIL_USE_DESC, the descriptor identifies the jail to operate on, in- stead of the jid or name parameter. With JAIL_AT_DESC, the descriptor is used in place of the current jail, allowing accessing or creating jails that are children of the descriptor jail. The system calls jail_attach_jd() and jail_aremove_jd() work the same as jail_attach() and jail_remove(), except that they operate on the jail referred to by the passed descriptor. RETURN VALUES If successful, jail(), jail_set(), and jail_get() return a non-negative integer, termed the jail identifier (JID). They return -1 on failure, and set errno to indicate the error. The jail_attach(), jail_remove(), jail_attach_jd(), and jail_remove_jd() functions return the value 0 if successful; otherwise the value -1 is returned and the global variable errno is set to indi- cate the error. ERRORS The jail() system call will fail if: [EPERM] This process is not allowed to create a jail, either because it is not the super-user, or because it would exceed the jail's children.max limit. [EFAULT] jail points to an address outside the allocated ad- dress space of the process. [EINVAL] The version number of the argument is not correct. [EAGAIN] No free JID could be found. The jail_set() system call will fail if: [EPERM] This process is not allowed to create a jail, either because it is not the super-user, or because it would exceed the jail's children.max limit. [EPERM] The jail descriptor in the desc parameter was cre- ated by a user other than the super-user, and the JAIL_USE_DESC flag was set. [EPERM] A jail parameter was set to a less restrictive value then the current environment. [EFAULT] Iov, or one of the addresses contained within it, points to an address outside the allocated address space of the process. [ENOENT] The jail referred to by a jid or name parameter does not exist, and the JAIL_CREATE flag is not set. [ENOENT] The jail referred to by a jid parameter is not ac- cessible by the process, because the process is in a different jail. [ENOENT] The jail referred to by a desc parameter has been removed. [EEXIST] The jail referred to by a jid or name parameter ex- ists, and the JAIL_UPDATE flag is not set. [EINVAL] A supplied parameter is the wrong size. [EINVAL] A supplied parameter is out of range. [EINVAL] A supplied string parameter is not null-terminated. [EINVAL] A supplied parameter name does not match any known parameters. [EINVAL] One of the JAIL_CREATE or JAIL_UPDATE flags is not set. [ENAMETOOLONG] A supplied string parameter is longer than allowed. [EAGAIN] There are no jail IDs left. [EMFILE] A jail descriptor could not be created for the desc parameter with either the JAIL_GET_DESC or JAIL_OWN_DESC flag set, because the process has al- ready reached its limit for open file descriptors. [ENFILE] A jail descriptor could not be created for the desc parameter with either the JAIL_GET_DESC or JAIL_OWN_DESC flag set, because the system file ta- ble is full. The jail_get() system call will fail if: [ENOENT] The jail referred to by a jid or name parameter does not exist. [ENOENT] The jail referred to by a jid is not accessible by the process, because the process is in a different jail. [ENOENT] The lastjid parameter is greater than the highest current jail ID. [ENOENT] The jail referred to by a desc parameter has been removed (even if the JAIL_CREATE flag has been set). [EINVAL] A supplied parameter is the wrong size. [EINVAL] A supplied parameter is out of range. [EINVAL] A supplied string parameter is not null-terminated. [EINVAL] A supplied parameter name does not match any known parameters. [EMFILE] A jail descriptor could not be created for the desc parameter with either the JAIL_GET_DESC or JAIL_OWN_DESC flag set, because the process has al- ready reached its limit for open file descriptors. [ENFILE] A jail descriptor could not be created for the desc parameter with either the JAIL_GET_DESC or JAIL_OWN_DESC flag set, because the system file ta- ble is full. The jail_attach() and jail_remove() system calls will fail if: [EPERM] A user other than the super-user attempted to attach to or remove a jail. [EINVAL] The jail specified by jid does not exist. The jail_attach_jd() and jail_remove_jd() system calls will fail if: [EINVAL] The fd argument is not a valid jail descriptor. [EPERM] The jail descriptor was created by a user other than the super-user. [EINVAL] The jail specified by jid has been removed. Further jail(), jail_set(), jail_attach(), and jail_attach_jd() call chroot(2) internally, so they can fail for all the same reasons. In particular, they return the [EPERM] error when the process to join a jail has open directories. Please consult the chroot(2) manual page for details. SEE ALSO chdir(2), chroot(2), jail(8) HISTORY The jail() system call appeared in FreeBSD 4.0. The jail_attach() sys- tem call appeared in FreeBSD 5.1. The jail_set(), jail_get(), and jail_remove() system calls appeared in FreeBSD 8.0. AUTHORS The jail feature was written by Poul-Henning Kamp for R&D Associates who contributed it to FreeBSD. James Gritton added the extensible jail parameters and hierarchical jails. FreeBSD 15.0 September 15, 2025 JAIL(2)
NAME | LIBRARY | SYNOPSIS | DESCRIPTION | RETURN VALUES | ERRORS | SEE ALSO | HISTORY | AUTHORS
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=jail_set&sektion=2&manpath=FreeBSD+15.0-RELEASE+and+Ports>