FreeBSD Manual Pages
JAIL(2) BSD System Calls Manual JAIL(2) NAME jail, jail_attach -- imprison current process and future descendants LIBRARY Standard C Library (libc, -lc) SYNOPSIS #include <sys/param.h> #include <sys/jail.h> int jail(struct jail *jail); int jail_attach(int jid); DESCRIPTION The jail() system call sets up a jail and locks the current process in it. The argument is a pointer to a structure describing the prison: struct jail { u_int32_t version; char *path; char *hostname; char *jailname; unsigned int ip4s; unsigned int ip6s; struct in_addr *ip4; struct in6_addr *ip6; }; "version" defines the version of the API in use. JAIL_API_VERSION is de- fined for the current version. The "path" pointer should be set to the directory which is to be the root of the prison. The "hostname" pointer can be set to the hostname of the prison. This can be changed from the inside of the prison. The "jailname" pointer is an optional name that can be assigned to the jail for example for managment purposes. The "ip4s" and "ip6s" give the numbers of IPv4 and IPv6 addresses that will be passed via their respective pointers. The "ip4" and "ip6" pointers can be set to an arrays of IPv4 and IPv6 ad- dresses to be assigned to the prison, or NULL if none. IPv4 addresses must be in network byte order. The jail_attach() system call attaches the current process to an existing jail, identified by jid. RETURN VALUES If successful, jail() returns a non-negative integer, termed the jail identifier (JID). It returns -1 on failure, and sets errno to indicate the error. The jail_attach() function returns the value 0 if successful; otherwise the value -1 is returned and the global variable errno is set to indicate the error. PRISON? Once a process has been put in a prison, it and its descendants cannot escape the prison. Inside the prison, the concept of "superuser" is very diluted. In gen- eral, it can be assumed that nothing can be mangled from inside a prison which does not exist entirely inside that prison. For instance the di- rectory tree below "path" can be manipulated all the ways a root can nor- mally do it, including "rm -rf /*" but new device special nodes cannot be created because they reference shared resources (the device drivers in the kernel). The effective "securelevel" for a process is the greater of the global "securelevel" or, if present, the per-jail "securelevel". All IP activity will be forced to happen to/from the IP number specified, which should be an alias on one of the network interfaces. All connec- tions to/from the loopback address (127.0.0.1 for IPv4, ::1 for IPv6) will be changed to be to/from the primary address of the jail for the given address family. It is possible to identify a process as jailed by examining "/proc/<pid>/status": it will show a field near the end of the line, ei- ther as a single hyphen for a process at large, or the hostname currently set for the prison for jailed processes. ERRORS The jail() system call will fail if: [EINVAL] The version number of the argument is not correct. Further jail() calls chroot(2) internally, so it can fail for all the same reasons. Please consult the chroot(2) manual page for details. SEE ALSO chdir(2), chroot(2) HISTORY The jail() system call appeared in FreeBSD 4.0. The jail_attach() system call appeared in FreeBSD 5.1. AUTHORS The jail feature was written by Poul-Henning Kamp for R&D Associates "http://www.rndassociates.com/" who contributed it to FreeBSD. BSD January 6, 2009 BSD
NAME | LIBRARY | SYNOPSIS | DESCRIPTION | RETURN VALUES | PRISON? | ERRORS | SEE ALSO | HISTORY | AUTHORS
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=jail&sektion=2&manpath=FreeBSD+7.2-RELEASE>