| author | Mike Barcroft <mike@FreeBSD.org> | 2003-04-09 02:55:18 +0000 |
|---|---|---|
| committer | Mike Barcroft <mike@FreeBSD.org> | 2003-04-09 02:55:18 +0000 |
| commit | fd7a8150fbfa35eca5fa77c068493cc6315a4eb2 (patch) | |
| tree | c6122edf636b885d1df318cda6d94636af3212f8 /lib/libc | |
| parent | db5f2ca8df1aa9b4e549245acc5c5e4134fee404 (diff) | |
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/sys/Makefile.inc | 1 | ||||
| -rw-r--r-- | lib/libc/sys/jail.2 | 32 |
2 files changed, 30 insertions, 3 deletions
diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc index 122d4aee39ea..7c070e1fe04d 100644 --- a/lib/libc/sys/Makefile.inc +++ b/lib/libc/sys/Makefile.inc @@ -115,6 +115,7 @@ MLINKS+=getsockopt.2 setsockopt.2 MLINKS+=gettimeofday.2 settimeofday.2 MLINKS+=getuid.2 geteuid.2 MLINKS+=intro.2 errno.2 +MLINKS+=jail.2 jail_attach.2 MLINKS+=kqueue.2 kevent.2 MLINKS+=kse.2 kse_create.2 kse.2 kse_exit.2 kse.2 kse_release.2 \ kse.2 kse_wakeup.2 kse.2 kse_thr_interrupt.2 diff --git a/lib/libc/sys/jail.2 b/lib/libc/sys/jail.2 index 4656438734a5..288f30de5d2b 100644 --- a/lib/libc/sys/jail.2 +++ b/lib/libc/sys/jail.2 @@ -8,7 +8,7 @@ .\" .\"$FreeBSD$ .\" -.Dd April 28, 1999 +.Dd April 8, 2003 .Dt JAIL 2 .Os .Sh NAME @@ -17,10 +17,12 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In sys/types.h +.In sys/param.h .In sys/jail.h .Ft int .Fn jail "struct jail *jail" +.Ft int +.Fn jail_attach "int jid" .Sh DESCRIPTION The .Fn jail @@ -52,9 +54,29 @@ from the inside of the prison. The .Dq Li ip_number can be set to the IP number assigned to the prison. +.Pp +The +.Fn jail_attach +system call attaches the current process to an existing jail, +identified by +.Va jid . +.Sh RETURN VALUES +If successful, +.Fn jail +returns a non-negative integer, termed the jail identifier (JID). +It returns -1 on failure, and sets +.Va errno +to indicate the error. +.Pp +If successful, +.Fn jail_attach +returns 0. +It returns -1 on failure, and sets +.Va errno +to indicate the error. .Sh PRISON? Once a process has been put in a prison, it and its decendants cannot escape -the prison. It is not possible to add a process to a preexisting prison. +the prison. .Pp Inside the prison, the concept of "superuser" is very diluted. In general, it can be assumed that nothing can be mangled from inside a prison which @@ -100,6 +122,10 @@ The .Fn jail system call appeared in .Fx 4.0 . +The +.Fn jail_attach +system call appeared in +.Fx 5.1 . .Sh AUTHORS The jail feature was written by .An Poul-Henning Kamp |
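Review bot: In the jail.2 SYNOPSIS hunk (@@ -17,10 +17,12 @@), the change from ".In sys/types.h" to ".In sys/param.h" is not explained anywhere in the visible change. State in the commit message whether sys/param.h is now needed for both jail and jail_attach or only for the new call, so that callers who followed the old synopsis know whether their includes must change.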
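Review bot: In the jail.2 hunk at @@ -52,9 +54,29 @@, the PRISON? paragraph loses the sentence "It is not possible to add a process to a preexisting prison." and nothing replaces it, so the page no longer says who may place a process into an existing jail. The new DESCRIPTION text only says that jail_attach "attaches the current process to an existing jail, identified by jid"; add a sentence stating what privilege the caller needs and whether the call is permitted from inside a jail, since that is the boundary the deleted sentence used to describe. The new RETURN VALUES text says jail_attach sets errno on failure, but no hunk lists the errno values it can return, so an ERRORS entry for the new call is missing as well. While this paragraph is being edited, the context line's "decendants" should be corrected to "descendants".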
