Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
JAIL(2)			    BSD	System Calls Manual		       JAIL(2)

     jail, jail_attach -- imprison current process and future descendants

     Standard C	Library	(libc, -lc)

     #include <sys/param.h>
     #include <sys/jail.h>

     jail(struct jail *jail);

     jail_attach(int jid);

     The jail()	system call sets up a jail and locks the current process in

     The argument is a pointer to a structure describing the prison:

	   struct jail {
		   u_int32_t	   version;
		   char		   *path;
		   char		   *hostname;
		   char		   *jailname;
		   unsigned int	   ip4s;
		   unsigned int	   ip6s;
		   struct in_addr  *ip4;
		   struct in6_addr *ip6;

     "version" defines the version of the API in use.  JAIL_API_VERSION	is de-
     fined for the current version.

     The "path"	pointer	should be set to the directory which is	to be the root
     of	the prison.

     The "hostname" pointer can	be set to the hostname of the prison.  This
     can be changed from the inside of the prison.

     The "jailname" pointer is an optional name	that can be assigned to	the
     jail for example for managment purposes.

     The "ip4s"	and "ip6s" give	the numbers of IPv4 and	IPv6 addresses that
     will be passed via	their respective pointers.

     The "ip4" and "ip6" pointers can be set to	an arrays of IPv4 and IPv6 ad-
     dresses to	be assigned to the prison, or NULL if none.  IPv4 addresses
     must be in	network	byte order.

     The jail_attach() system call attaches the	current	process	to an existing
     jail, identified by jid.

     If	successful, jail() returns a non-negative integer, termed the jail
     identifier	(JID).	It returns -1 on failure, and sets errno to indicate
     the error.

     The jail_attach() function	returns	the value 0 if successful; otherwise
     the value -1 is returned and the global variable errno is set to indicate
     the error.

     Once a process has	been put in a prison, it and its descendants cannot
     escape the	prison.

     Inside the	prison,	the concept of "superuser" is very diluted.  In	gen-
     eral, it can be assumed that nothing can be mangled from inside a prison
     which does	not exist entirely inside that prison.	For instance the di-
     rectory tree below	"path" can be manipulated all the ways a root can nor-
     mally do it, including "rm	-rf /*"	but new	device special nodes cannot be
     created because they reference shared resources (the device drivers in
     the kernel).  The effective "securelevel" for a process is	the greater of
     the global	"securelevel" or, if present, the per-jail "securelevel".

     All IP activity will be forced to happen to/from the IP number specified,
     which should be an	alias on one of	the network interfaces.	 All connec-
     tions to/from the loopback	address	( for IPv4, ::1 for IPv6)
     will be changed to	be to/from the primary address of the jail for the
     given address family.

     It	is possible to identify	a process as jailed by examining
     "/proc/<pid>/status": it will show	a field	near the end of	the line, ei-
     ther as a single hyphen for a process at large, or	the hostname currently
     set for the prison	for jailed processes.

     The jail()	system call will fail if:

     [EINVAL]		The version number of the argument is not correct.

     Further jail() calls chroot(2) internally,	so it can fail for all the
     same reasons.  Please consult the chroot(2) manual	page for details.

     chdir(2), chroot(2)

     The jail()	system call appeared in	FreeBSD	4.0.  The jail_attach()	system
     call appeared in FreeBSD 5.1.

     The jail feature was written by Poul-Henning Kamp for R&D Associates
     "" who contributed it	to FreeBSD.

BSD				January	6, 2009				   BSD


Want to link to this manual page? Use this URL:

home | help