jail(2)

NAME

jail, jail_attach - imprison current process and future de
scendants

LIBRARY

Standard C Library (libc, -lc)

SYNOPSIS

#include <sys/param.h>
#include <sys/jail.h>
int
jail(struct jail *jail);
int
jail_attach(int jid);

DESCRIPTION

The jail() system call sets up a jail and locks the current
process in
it.
The argument is a pointer to a structure describing the
prison:

struct jail {
u_int32_t version;
char *path;
char *hostname;
u_int32_t ip_number;
};
``version'' defines the version of the API in use. It
should be set to
zero at this time.
The ``path'' pointer should be set to the directory which is
to be the
root of the prison.
The ``hostname'' pointer can be set to the hostname of the
prison. This
can be changed from the inside of the prison.
The ``ip_number'' can be set to the IP number assigned to
the prison.
The jail_attach() system call attaches the current process
to an existing
jail, identified by jid.

RETURN VALUES

If successful, jail() returns a non-negative integer, termed
the jail
identifier (JID). It returns -1 on failure, and sets errno
to indicate
the error.
The jail_attach() function returns the value 0 if success
ful; otherwise
the value -1 is returned and the global variable errno is
set to indicate
the error.

PRISON?

Once a process has been put in a prison, it and its descen
dants cannot
escape the prison.
Inside the prison, the concept of ``superuser'' is very di
luted. In general, it can be assumed that nothing can be mangled from in
side a prison
which does not exist entirely inside that prison. For in
stance the
directory tree below ``path'' can be manipulated all the
ways a root can
normally do it, including ``rm -rf /*'' but new device spe
cial nodes cannot be created because they reference shared resources (the
device
drivers in the kernel). The effective ``securelevel'' for a
process is
the greater of the global ``securelevel'' or, if present,
the per-jail
``securelevel''.
All IP activity will be forced to happen to/from the IP num
ber specified,
which should be an alias on one of the network interfaces.
It is possible to identify a process as jailed by examining
``/proc/<pid>/status'': it will show a field near the end of
the line,
either as a single hyphen for a process at large, or the
hostname currently set for the prison for jailed processes.

ERRORS

The jail() system call will fail if:

[EINVAL] The version number of the argument is not
correct.
Further jail() calls chroot(2) internally, so it can fail
for all the
same reasons. Please consult the chroot(2) manual page for
details.

SEE ALSO

chdir(2), chroot(2)

HISTORY

The jail() system call appeared in FreeBSD 4.0. The
jail_attach() system
call appeared in FreeBSD 5.1.

AUTHORS

The jail feature was written by Poul-Henning Kamp for R&D
Associates
``http://www.rndassociates.com/'' who contributed it to
FreeBSD.
BSD April 8, 2003
Copyright © 2010-2024 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout