rsbac_jail(1)

NAME

rsbac_jail - put program into RSBAC jail

SYNOPSIS

rsbac_jail [-vilnrao] {path} {IP} {prog} [args]

DESCRIPTION

All Linux kernels provide the chroot system call to confine a process in a subdirectory. Unfortunately, this does not protect the system from root processes, and it can be broken out of. The JAIL module extends the chroot system call functionality to provide a superset of the FreeBSD jail functionality (except individual kernel level hostnames).

This program will put the process into a jail with chroot to path, ip address IP and then execute prog with args.

See appropriate RSBAC documentation about for JAIL module details.

OPTIONS

-v verbose program output

-i allow access to IPC outside this jail

-l allow jailed processes to change their rlimits

-n allow all network families, not only UNIX and INET (IPv4)

-r allow INET (IPv4) raw sockets (e.g. for ping)

-a auto-adjust INET any address 0.0.0.0 to jail address, if set

-o additionally allow to/from remote INET (IPv4) address 127.0.0.1

AUTHOR

Amon Ott <ao@rsbac.org>.

Rule Set Based Access Control May 2003 RSBAC_JAIL(1)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout