| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
PR: 56646
Notes:
svn path=/head/; revision=136051
|
|
|
|
|
|
|
|
|
|
|
|
| |
program under specific user's credentials, clean the environment and
set only a few variables.
PR: bin/70024
Submitted by: demon
MFC after: 1 month
Notes:
svn path=/head/; revision=133743
|
|
|
|
| |
Notes:
svn path=/head/; revision=131500
|
|
|
|
|
|
|
|
|
| |
seeing status of mounted file system for jailed processes.
Pass full path of jail's root directory to the kernel. mount(8) utility is
doing the same thing already.
Notes:
svn path=/head/; revision=131182
|
|
|
|
| |
Notes:
svn path=/head/; revision=130136
|
|
|
|
|
|
|
|
|
| |
to "Since".
Pointed out by: Ceri
Notes:
svn path=/head/; revision=129966
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
about the risks of enabling raw sockets in prisons.
Because raw sockets can be used to configure and interact
with various network subsystems, extra caution should be
used where privileged access to jails is given out to
untrusted parties. As such, by default this option is disabled.
A few others and I are currently auditing the kernel
source code to ensure that the use of raw sockets by
privledged prison users is safe.
Approved by: bmilekic (mentor)
Notes:
svn path=/head/; revision=129909
|
|
|
|
|
|
|
|
|
|
|
|
| |
o getpwnam(3) returns NULL and does not set errno when the user does
not exist. Bail out with "no such user" instead of "Unknown error: 0".
PR: bin/67262
Submitted by: demon (-U flag)
MFC after: 3 weeks
Notes:
svn path=/head/; revision=129848
|
|
|
|
| |
Notes:
svn path=/head/; revision=129466
|
|
|
|
|
|
|
|
| |
Obtained from: rwatson's commit log
Approved by: rwatson
Notes:
svn path=/head/; revision=129463
|
|
|
|
|
|
|
| |
OK'ed by: bmilekic
Notes:
svn path=/head/; revision=128923
|
|
|
|
|
|
|
|
|
| |
inside jails, Christian's last submission.
Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
Notes:
svn path=/head/; revision=128890
|
|
|
|
| |
Notes:
svn path=/head/; revision=125532
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(1) Document the notion of using jail(8) to run "virtual servers" or
just to constrain specific applications. If only running specific
applications, some configuration steps are unnecessary (such as
editing rc.conf).
(2) Add some more subsection headers to break up the bigger chunks of
text.
(3) Clarify the problems associated with applications binding all IP
addresses in the host, and attempt to be more specific about
potential application problems. Document how to force sshd to
bind the the right socket.
(4) Suggest that in a jailed application scenario, you might want to
have the host syslogd listen on the socket in the jail, rather
than running syslogd in the jail.
(5) Catch another reference to /stand/sysinstall.
Approved by: re (bmah implicitly)
Notes:
svn path=/head/; revision=122910
|
|
|
|
|
|
|
|
|
| |
-CURRENT, we have /usr/sbin/sysinstall.
Approved by: re (bmah implicitly)
Notes:
svn path=/head/; revision=122909
|
|
|
|
|
|
|
|
|
|
| |
settings.
Reviewed by: rwatson
Approved by: blackend (mentor)
Notes:
svn path=/head/; revision=122505
|
|
|
|
| |
Notes:
svn path=/head/; revision=117280
|
|
|
|
|
|
|
|
|
|
| |
tell them that they also need to use devfs rules to prevent
inappropriate devices from appearing in the jail; add an Xref. In
earlier versions of this man page, the user was instructed to use
sh MAKEDEV jail, which only created a minimal set of device nodes.
Notes:
svn path=/head/; revision=116889
|
|
|
|
|
|
|
|
| |
otherwise redirection of stdout to a file using block buffering will
not complete in time.
Notes:
svn path=/head/; revision=113804
|
|
|
|
|
|
|
|
|
|
| |
o Add jexec(8) to execute a command in an existing jail.
o Add -j option for killall(1) to kill all processes in a specified
jail.
o Add -i option to jail(8) to output jail ID of newly created jail.
Notes:
svn path=/head/; revision=113277
|
|
|
|
|
|
|
| |
Submitted by: demon
Notes:
svn path=/head/; revision=113206
|
|
|
|
|
|
|
|
| |
Prodded by: bde
Reviewed by: bde
Notes:
svn path=/head/; revision=112972
|
|
|
|
|
|
|
|
|
|
| |
PR: bin/44320
Submitted by: Mike Matsnev <mike@po.cs.msu.su>
Reviewed by: -current
MFC after: 6 weeks
Notes:
svn path=/head/; revision=112705
|
|
|
|
|
|
|
| |
Spotted by: Andrew Khlebutin <andreyh@perm.ru>
Notes:
svn path=/head/; revision=112376
|
|
|
|
|
|
|
|
|
|
| |
DEVFS is now mandatory in CURRENT.
PR: docs/48095
Submitted by: Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
Notes:
svn path=/head/; revision=111688
|
|
|
|
|
|
|
| |
XXX: this example should be updated with a good example of devfs(8) rules.
Notes:
svn path=/head/; revision=105704
|
|
|
|
| |
Notes:
svn path=/head/; revision=99968
|
|
|
|
|
|
|
|
| |
PR: 38313
Submitted by: Jeff Ito <jeffi@rcn.com>
Notes:
svn path=/head/; revision=96979
|
|
|
|
|
|
|
|
| |
Also change one case of blatant __progname abuse (several more remain)
This commit does not touch anything in src/{contrib,crypto,gnu}/.
Notes:
svn path=/head/; revision=95258
|
|
|
|
|
|
|
|
|
| |
beneath it.
Reviewed by: rwatson
Notes:
svn path=/head/; revision=89414
|
|
|
|
| |
Notes:
svn path=/head/; revision=89216
|
|
|
|
| |
Notes:
svn path=/head/; revision=89215
|
|
|
|
| |
Notes:
svn path=/head/; revision=87943
|
|
|
|
| |
Notes:
svn path=/head/; revision=87863
|
|
|
|
|
|
|
|
|
|
| |
changes.
Approved by: rwatson
Reviewed by: rwatson
Notes:
svn path=/head/; revision=87717
|
|
|
|
| |
Notes:
svn path=/head/; revision=82874
|
|
|
|
| |
Notes:
svn path=/head/; revision=82417
|
|
|
|
|
|
|
|
| |
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.
Notes:
svn path=/head/; revision=80029
|
|
|
|
| |
Notes:
svn path=/head/; revision=79755
|
|
|
|
| |
Notes:
svn path=/head/; revision=79537
|
|
|
|
| |
Notes:
svn path=/head/; revision=79293
|
|
|
|
|
|
|
|
|
| |
where necessary.
Submitted by: Mike Barcroft <mike@q9media.com>
Notes:
svn path=/head/; revision=79011
|
|
|
|
| |
Notes:
svn path=/head/; revision=78723
|
|
|
|
|
|
|
| |
builtints (e.g., exit, strcmp).
Notes:
svn path=/head/; revision=78720
|
|
|
|
|
|
|
|
|
| |
portmap.8 --> rpcbind.8
Submitted by: .Xr testing script
Notes:
svn path=/head/; revision=77878
|
|
|
|
|
|
|
|
|
|
|
|
| |
NO_MAKEDEV_INSTALL and NO_MAKEDEV_RUN. The former implying the latter.
The names imply what they do. The last commit by DES based on a PR defeated
the original idea behind NO_MAKEDEV, which was not to run MAKEDEV, but to do
the installation of MAKEDEV. This should satisfy both parties on the MAKEDEV
challenge.
Reflect this in the documentation.
Notes:
svn path=/head/; revision=74991
|
|
|
|
|
|
|
| |
- MAN[1-9] -> MAN.
Notes:
svn path=/head/; revision=74816
|
|
|
|
| |
Notes:
svn path=/head/; revision=74532
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a simple make world; while this does a bit more work, it means that
jail(8) doesn't have to be kept in sync with /usr/src/Makefile{,.inc1}
which is a moving target. MFC candidate.
Submitted by: FUJISHIMA Satsuki <sf@FreeBSD.org>
Reviewed by: phk
Also pointed out by: Phil Kernick <Phil@Kernick.org>
Notes:
svn path=/head/; revision=74115
|
|
|
|
| |
Notes:
svn path=/head/; revision=71898
|