History log of /freebsd-head/usr.sbin/jail/jail.c
Revision Date Author Comments
9fcd25b7d72b6895a7102e7f469e5b637b67c911 14-May-2020 freqlabs <freqlabs@FreeBSD.org> jail: Add exec.prepare and exec.release command hooks

This change introduces new jail command hooks that run before and after any
other actions.

The exec.prepare hook can be used for example to invoke a script that checks
if the jail's root exists, creating it if it does not. Since arbitrary
variables in jail.conf can be passed to the command, it can be pretty useful
for templating jails.

An example use case for exec.release would be to remove the filesystem of an
ephemeral jail.

The names "prepare" and "release" are borrowed from the names of similar hooks
in libvirt.

Reviewed by: jamie, manpages, mmacy
Approved by: mmacy (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24829
70066b93393435ae727727b8ef7716b3c7131ee0 17-Apr-2020 eugen <eugen@FreeBSD.org> jail(8): improve manual and usage information with more clear
description for "jail -e" mode to show that it does not take
additional jail name argument.

Reported by: David Marec <david.marec@davenulle.org>
MFC after: 3 days
7e81b085554811b11b372bec13d045335562364c 10-Nov-2018 eugen <eugen@FreeBSD.org> jail(8): introduce new command option -e to exhibit
a list of configured non-wildcard jails with their parameters,
no matter running or not.

The option -e takes separator argument that is used
to separate printed parameters. It will be used with following
additions to system periodic scripts to differentiate parts
of directory tree belonging jails as opposed to host's.

MFC after: 1 month
b5bdd5a3db74eb50e728be9d87cf31854ed11e91 16-Aug-2018 jamie <jamie@FreeBSD.org> security.jail.enforce_statfs is handled by jail_set(2), so handling it in
userspace jail(8) is redundant.

Differential Revision: D14791
944c2d43e832249ab379729c85e4910178f54617 15-Aug-2018 jamie <jamie@FreeBSD.org> Don't let clobber jailparam values when checking for modification of
init-only parameters.

Compare string parameter values with strncmp, not memcmp.

PR: 230487
Reported by: Jason Mader
MFC after: 3 days
42ccecb54bc6d2fd91950ba895e4ac88c7a08efd 15-Aug-2018 netchild <netchild@FreeBSD.org> - Add exec hook "exec.created". This is called when the jail is
created and before exec.start is called. [1]
- Bump __FreeBSD_version.

This allows to attach ZFS datasets and various other things to be
done before any command/service/rc-script is started in the new
jail.

PR: 228066 [1]
Reviewed by: jamie [1]
Submitted by: Stefan Grönke <stefan@gronke.net> [1]
Differential Revision: https://reviews.freebsd.org/D15330 [1]
7551d83c353e040b32c6ac205e577dbc5f2c8955 27-Nov-2017 pfg <pfg@FreeBSD.org> various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

No functional change intended.
8d19ad1845f751b7114c9c28f306eeede6ba4a91 10-Nov-2017 emaste <emaste@FreeBSD.org> Strip EOL whitespace in usr.sbin/{jail,jexec}
0809c4bc3c8a01f29cc30327b306b0416d50ca1a 26-Dec-2016 delphij <delphij@FreeBSD.org> Don't assign rtjp twice.

Reported by: clang static analyzer
MFC after: 2 weeks
00d578928eca75be320b36d37543a7e2a4f9fbdb 27-May-2016 grehan <grehan@FreeBSD.org> Create branch for bhyve graphics import.
f8ff07ebef14d8d87007863c4b3bfcf35f6b515f 10-Feb-2015 jamie <jamie@FreeBSD.org> MFC r278323:

Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab.

Also fix a typo while I'm at it.

PR: 197237 197066
6064614ca50b8b6311bd60d1f85c0dcba8ef8954 06-Feb-2015 jamie <jamie@FreeBSD.org> Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab.

Also fix a typo while I'm at it.

PR: 197237 197066
MFC after: 3 days
86654891d03ffa246d52c98288a42cdd8e0ee6e8 25-Nov-2014 jamie <jamie@FreeBSD.org> In preparation for using clang's -Wcast-qual:

Use __DECONST (instead of my own attempted re-invention) for the iov
parameters to jail_get/set(2). Similarly remove the deconst-ish hack
from execvp's argv, except the __DECONST is only added at the very end.

While I'm at it, remove an unused variable and fix a comment typo.
eb1a5f8de9f7ea602c373a710f531abbf81141c4 21-Feb-2014 gjb <gjb@FreeBSD.org> Move ^/user/gjb/hacking/release-embedded up one directory, and remove
^/user/gjb/hacking since this is likely to be merged to head/ soon.

Sponsored by: The FreeBSD Foundation
6b01bbf146ab195243a8e7d43bb11f8835c76af8 27-Dec-2013 gjb <gjb@FreeBSD.org> Copy head@r259933 -> user/gjb/hacking/release-embedded for initial
inclusion of (at least) arm builds with the release.

Sponsored by: The FreeBSD Foundation
2a6361507410ac1bd935b61f13d48c2512bb6cc3 12-Oct-2013 hrs <hrs@FreeBSD.org> MFC 256385:

- Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs. The mount happens just after
mount.devfs.

- rc.d/jail now displays whole error message from jail(8) when a jail
fails to start.

Approved by: re (gjb)
513bdd96d7234f6f561d60a5f7956c040564278b 12-Oct-2013 hrs <hrs@FreeBSD.org> - Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs. The mount happens just after
mount.devfs.

- rc.d/jail now displays whole error message from jail(8) when a jail
fails to start.

Approved by: re (gjb)
f8b617128eef2b25bc94fbced03090dd490df5d0 10-Oct-2013 hrs <hrs@FreeBSD.org> - Update rc.d/jail to use a jail(8) configuration file instead of
command line options. The "jail_<jname>_*" rc.conf(5) variables for
per-jail configuration are automatically converted to
/var/run/jail.<jname>.conf before the jail(8) utility is invoked.
This is transparently backward compatible.

- Fix a minor bug in jail(8) which prevented it from returning false
when jail -r failed.

Approved by: re (glebius)
5aeb73af6c7bed7a202fdbe8f227a82f48caf5ea 23-Aug-2012 jamie <jamie@FreeBSD.org> Pre-separate IP addresses passed on the command line, so they can be
properly parsed for interface prefixes and netmask suffixes. This was
already done for the old-style (fixed) command line, but missed for
the new-style.

MFC after: 1 week
171f00e55abdd98a2d53f546dc923e9faff15d38 28-Jun-2012 maxim <maxim@FreeBSD.org> o Restore -u <username> getopt(3) flag somehow killed in r234712.

PR: bin/169490
Submitted by: amdmi3
MFC after: 2 weeks
5ddbe53eac495d89b4eb26531ed3c615434c0146 28-May-2012 jamie <jamie@FreeBSD.org> When writing the jid via the -i flag, do it right when the jail is created,
before any commands run. /etc/rc.d/jail depends on this.
18b00ce05256ac1bef00083a0ce9a34fcb4c49a9 03-May-2012 jamie <jamie@FreeBSD.org> Add a meta-parameter IP__NULL to enum intparam, instead of mixing
enum values and zeroes. This keeps clang happy (and is just good form).

Submitted by: dim
a85d762796e36a664734574599d8854c54db7479 08-Feb-2012 jamie <jamie@FreeBSD.org> Improvements in error messages:

Some errors printed the jail name for unnamed (command line) jails.

Attempting to create an already-existing jail from the command line
returned with no error (even for non-root) due to bad logic in
start_state.

Ignore kvm_proc errors, which are typically caused by permission
problems. Instead, stop ignoring permission errors when removing
a jail (but continue to silently ignore other errors, i.e. the
jail no longer existing). This makes non-root attempts at removing
a jail give a clearer error message.
7fb1cfc351e28fde87dc1b4a11d8b72a5d9ca797 07-Feb-2012 jamie <jamie@FreeBSD.org> Allow relative pathnames for jails generated on the command line
(but continue to flag when from a config file).
1259ca3ed41459b062f700f4fcf99bc845e480c0 24-Jan-2012 mm <mm@FreeBSD.org> Try resolving jail path with realpath(3).

jail(8) does a chdir(2) to the given path argument. Kernel evaluates the
jail path from the new cwd and not from the original cwd, which leads to
undesired behavior if given a relative path.

Reviewed by: jamie
MFC after: 2 weeks
416d58f50fc60475c5aa1691108b5280a7296d47 22-Jun-2011 jamie <jamie@FreeBSD.org> Advance to the next command before running anything, so errors found in
finish_command can be processed properly.
Call failed() once in next_command() instead of multiple times in
run_command().
Continue processing commands when a no-wait operation (IP__OP or background
command) succeeds.
6811668a5f8d31f9754803ba22ad926b39c67e0c 20-Jun-2011 jamie <jamie@FreeBSD.org> Following r222465:

Check for IPv4 or IPv6 to be available by the kernel to not
provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.
b3870a12d7efae3649e1a6c7496069c521524a0b 18-Jun-2011 jamie <jamie@FreeBSD.org> Move the actual create/remove (IP__OP) handling into run_command,
at the cost of an ugly single-use global variable.
8d425bfde2c0af68087f5784ac994ac5d316a375 17-Jun-2011 jamie <jamie@FreeBSD.org> Update copyright dates and other whitespacey stuff.
bf5da8413e8633aec301ea33b6698aa264e91927 17-Jun-2011 jamie <jamie@FreeBSD.org> Split run_command up into an outer function (next_command) that chooses
a single command string to run, and an inner function (run_command) that
runs that single string.
Move the list of start/stop commands to run from a switch statement into
an array, with a new placeholder parameter IP__OP for actually creating
or removing the jail.
When jail creation fails, revert all non-exec commands in reverse order.
0e5ec9dce0b4f9791252ba22064fb407dc733ff9 17-Jun-2011 jamie <jamie@FreeBSD.org> Change cfstrings from an STAILQ into a TAILQ to allow commands to be
traversed in reverse order.
2c33480efee405ba67f6c56ca42ef7773445f470 29-May-2011 bz <bz@FreeBSD.org> Check for IPv4 or IPv6 to be available by the kernel to not
provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.

Reviewed by: jamie
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
MFC after: 10 days
3a156b82bb5985e9c61a72da436b8f7ccc2c9b24 10-Dec-2010 jamie <jamie@FreeBSD.org> run_command (mostly) cleanup:

Make the parallelism limit a global instead of always passing it
to run_command and finish_command.
In the case of an empty command string, try to run any other strings
the command may have.
Replace JF_BACKGROUND with its sort-of opposite JF_SLEEPQ.
Change j->comstring earlier to render JF_RUNQ unnecessary.
Change the if-else series to a more readable switch statement.
Treat IP_STOP_TIMEOUT like a command, calling run_command which then
calls term_procs.
When the IP_STOP_TIMEOUT "command" finishes, it shouldn't mess with
the parallelism limit.
Make sufficient checks in finish_command and run_command so that
the nonintuitive j->comstring null check isn't necessary to run them.
Rename the "waiting" queue to "depend", because the "sleeping" and
"runnable" queues are also used to wait for something.
a7a7f45ee7d37f5bd9ccf10c405a51eba7027262 04-Nov-2010 jamie <jamie@FreeBSD.org> Check paths for security:
path must be absolute.
mount paths must exist and have no symlinks beyond the jail's path itself.
consolelog must exist (apart from the final component) and have no
symlinks beyond the jail's path itself.
85767896da1c52300de322e3fc4f29fe9b7e4413 04-Nov-2010 jamie <jamie@FreeBSD.org> Read the mount.fstab file, and put its lines separately into the
IP__MOUNT_FROM_FSTAB internal parameter.
94aa5f72213aae7248f78420b16afc320dd93e4b 01-Nov-2010 jamie <jamie@FreeBSD.org> Combine check_intparams() and ip_params(), JF_CHECKINT and JF_IPPARAMS.
3c30caa6545349f6810a60f536f3fa8aee2c52fc 27-Oct-2010 jamie <jamie@FreeBSD.org> Don't assume either jid or name is set - they may not be from the
command line.
235aefe21957ecc7c526a419943418bbb1248f11 27-Oct-2010 jamie <jamie@FreeBSD.org> Keep all internal/known parameter names in one place, and use
enum constants everywhere else.
3b31921eb1179730750d3f91afe80cd48a49aa95 20-Oct-2010 jamie <jamie@FreeBSD.org> Initial work on the new jail(8). There are more features to add, and some
cleaning up to do on existing features, but this is pretty much what the
final product will look like.
cecdfcbeea0822ed4b1ce847da15efb757dfa5d5 27-May-2010 cperciva <cperciva@FreeBSD.org> Change the current working directory to be inside the jail created by
the jail(8) command. [10:04]

Fix a one-NUL-byte buffer overflow in libopie. [10:05]

Correctly sanity-check a buffer length in nfs mount. [10:06]

Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient
c8612ee587015f9d8700cd66f976c478b90c96eb 27-May-2010 cperciva <cperciva@FreeBSD.org> Change the current working directory to be inside the jail created by
the jail(8) command. [10:04]

Fix a one-NUL-byte buffer overflow in libopie. [10:05]

Correctly sanity-check a buffer length in nfs mount. [10:06]

Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient
f1216d1f0ade038907195fc114b7e630623b402c 19-Mar-2010 delphij <delphij@FreeBSD.org> Create a custom branch where I will be able to do the merge.
f3a133a1c3e51313adf8d92e5bd438b70a684ae6 31-Jul-2009 jamie <jamie@FreeBSD.org> Handle kernels that don't have IPv6 by not sending an "ip6.addr"
parameter unless a (numeric) IPv6 address is given. Even the default
binaries built with -DINET6 will work with IPv6-less kernels. With an
eye to the future, similarly handle the possibility of an IPv4-less kernel.

Approved by: re (kib), bz (mentor)
7c0019fd3084503b16686588e9e052c1a6b6c371 24-Jun-2009 jamie <jamie@FreeBSD.org> Add libjail, a (somewhat) simpler interface to the jail_set and jail_get
system calls and the security.jail.param sysctls.

Approved by: bz (mentor)
8496e0a313f2480e621c3f30cc45dada612aa311 23-Jun-2009 jamie <jamie@FreeBSD.org> Remove obsolete comment describing how the command line is
no longer parsed.

Approved by: bz (mentor)
da4e70cf9ab3e05f67d77de37a7c6c335a5f7e4b 19-Jun-2009 brooks <brooks@FreeBSD.org> In preparation for raising NGROUPS and NGROUPS_MAX, change base
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically. Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).

This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.

In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups(). In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called so the overall effect was pointless.

Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages. We do not yet support a dynamic NGROUPS, but we
may in the future.

MFC after: 2 weeks
42b3c3219735b93bee6faad0cdc64c925d907212 10-Jun-2009 jamie <jamie@FreeBSD.org> In the old-style jail command line, explicitly set parameters from the
security.jail.* sysctls since jail_set(2) doesn't do it implicitly.

Approved by: bz (mentor)
8dbff96dac0a8009a4169eedbbe59be58a480889 27-May-2009 jamie <jamie@FreeBSD.org> Add support for the arbitrary named jail parameters used by jail_set(2)
and jail_get(2). Jail(8) can now create jails using a "name=value"
format instead of just specifying a limited set of fixed parameters; it
can also modify parameters of existing jails. Jls(8) can display all
parameters of jails, or a specified set of parameters. The available
parameters are gathered from the kernel, and not hard-coded into these
programs.

Small patches on killall(1) and jexec(8) to support jail names with
jail_get(2).

Approved by: bz (mentor)
e730a094f422be0a895e4fbd07e7f1c0b0a28e43 29-Apr-2009 jamie <jamie@FreeBSD.org> With the permission of phk@ change the license on remaining jail code
to a 2 clause BSD license.

Approved by: phk
Approved by: bz (mentor)
d2730d5b27273f2e5a9b9f2703b896b5194496ee 29-Nov-2008 bz <bz@FreeBSD.org> MFp4:
Bring in updated jail support from bz_jail branch.

This enhances the current jail implementation to permit multiple
addresses per jail. In addition to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..

SCTP support was updated and supports IPv6 in jails as well.

Cpuset support permits jails to be bound to specific processor
sets after creation.

Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.

DDB 'show jails' command was added to aid debugging.

Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.

Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.

Bump __FreeBSD_version for the aforementioned and in kernel changes.

Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.

Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
19b6af98ec71398e77874582eb84ec5310c7156f 22-Nov-2008 dfr <dfr@FreeBSD.org> Clone Kip's Xen on stable/6 tree so that I can work on improving FreeBSD/amd64
performance in Xen's HVM mode.
cf5320822f93810742e3d4a1ac8202db8482e633 19-Oct-2008 lulf <lulf@FreeBSD.org> - Import the HEAD csup code which is the basis for the cvsmode work.
2feee4a415a0d07595e7fbc1358fb09aba7764fe 26-May-2006 matteo <matteo@FreeBSD.org> MFC: Add the -s option to set jail's securelevel.
This is useful for jails run with non-root privileges.

PR: bin/80242
5e2473c61312e2d559473880cbe4a9c290c10893 16-May-2006 maxim <maxim@FreeBSD.org> MFC rev. 1.22: do not mangle current session user login name
with jail -u|-U.
08978d5bee9bfc81ae25a6b3a8971577532cc9aa 12-May-2006 matteo <matteo@FreeBSD.org> correct strtol(3) usage and style(9)

Reviewed by: maxim
MFC after: 2 weeks
9a9ea4b9c84c6e720030fc68a71748185cdebcb5 11-May-2006 maxim <maxim@FreeBSD.org> o Style(9) the previous commit a bit.
e3299095ec06bd390f18e58c9afdded62c00051b 11-May-2006 matteo <matteo@FreeBSD.org> Add the -s option to set jail's securelevel. This is useful for jails run with non-root privileges.

PR: bin/80242
MFC after: 2 weeks
004bb16acb94a6ae31c7405e8ae5b5d5c77bfdfa 16-Apr-2006 maxim <maxim@FreeBSD.org> o Do not mangle current session user login name with jail -u|-U.

PR: bin/94730
Submitted by: Frank Behrens
MFC after: 1 month
1a0293eda73942f1008be66f4a8e10fef1bce1ce 30-Jan-2006 philip <philip@FreeBSD.org> MFC:

Add [-J jid_file] option to write out a JidFile, similar to a PidFile,
containing the jailid, path, hostname, ip and the command used to start
the jail.

src/usr.sbin/jail/jail.8: rev 1.71 -> 1.72
src/usr.sbin/jail/jail.c: rev 1.20 -> 1.21

PR: misc/89883
Submitted by: L. Jason Godsey <lannygodsey -at- yahoo.com>
Reviewed by: phk
865e779b5d6ed4275a000576a9d4af4bf4b52706 03-Dec-2005 philip <philip@FreeBSD.org> Add [-J jid_file] option to write out a JidFile, similar to a PidFile,
containing the jailid, path, hostname, ip and the command used to start
the jail.

PR: misc/89883
Submitted by: L. Jason Godsey <lannygodsey -at- yahoo.com>
Reviewed by: phk
MFC after: 1 week
65c65c74d43a3f0631abd782bc74e25722f5571c 17-Nov-2004 delphij <delphij@FreeBSD.org> Initialize lcap and pwd to NULL. This allows a WARNS=6 clean build,
hence bump it to 6.

Note that the last commit message was not quite accurate. While the
assumption exists in the code, it's not possible to have an
uninitialized p there because if lflag is set when username is NULL
then execution would be terminated earlier.
0c3804bf6558d87ff5fc9d54cf8da178455d475c 17-Nov-2004 delphij <delphij@FreeBSD.org> The code path in main() dealing with lflag assumes that p was
initialized with NULL, while it is not. So let's initialize
it.
d00a4eaaead4ab4b18854f36695ffdd9a4a08df8 02-Oct-2004 stefanf <stefanf@FreeBSD.org> Pass an array of gid_t rather than an array of int to getgroups().

PR: 56646
4c8376863965f4ffe4c6ba2172be1b880cd66fd2 15-Aug-2004 maxim <maxim@FreeBSD.org> o Add -l option to jail(8) similar to su(1): before running jail'ed
program under specific user's credentials, clean the environment and
set only a few variables.

PR: bin/70024
Submitted by: demon
MFC after: 1 month
bf8b1fec3a0ce5222257be036648762be481062e 27-Jun-2004 pjd <pjd@FreeBSD.org> Prepare jail(8) utility for new functionality which will limit
seeing status of mounted file system for jailed processes.
Pass full path of jail's root directory to the kernel. mount(8) utility is
doing the same thing already.
872614c8b30f45e6f74f24ea4a80280a5072d96e 29-May-2004 maxim <maxim@FreeBSD.org> o Implement -U flag: run command as user which exists only in jail.
o getpwnam(3) returns NULL and does not set errno when the user does
not exist. Bail out with "no such user" instead of "Unknown error: 0".

PR: bin/67262
Submitted by: demon (-U flag)
MFC after: 3 weeks
01f9734fe0530da4d03b90e27710d469a3114aeb 06-Jul-2003 charnier <charnier@FreeBSD.org> add FBSDID
82a28ce246cd7ac3542c081b0939802c8465fa4e 21-Apr-2003 mike <mike@FreeBSD.org> Force output of jail ID (if necessary) before executing the command,
otherwise redirection of stdout to a file using block buffering will
not complete in time.
6067525913c2a13f7785f6d88dc81df85cde5812 09-Apr-2003 mike <mike@FreeBSD.org> o Add jls(8) for listing active jails.
o Add jexec(8) to execute a command in an existing jail.
o Add -j option for killall(1) to kill all processes in a specified
jail.
o Add -i option to jail(8) to output jail ID of newly created jail.
9b881ef3fc4401d749285474437b86ad904c0b01 07-Apr-2003 maxim <maxim@FreeBSD.org> Free login_cap(3) resources after usage.

Submitted by: demon
9ab2ed3bdb796432bbf29e91a81e256908605657 02-Apr-2003 maxim <maxim@FreeBSD.org> o Fix error messages formatting, style.

Prodded by: bde
Reviewed by: bde
723ed21bcbe9494283ee6dd674eaa8b307d6a451 27-Mar-2003 maxim <maxim@FreeBSD.org> o Add -u <username> flag to jail(8): set user context before exec.

PR: bin/44320
Submitted by: Mike Matsnev <mike@po.cs.msu.su>
Reviewed by: -current
MFC after: 6 weeks
4d6b787d2daa6eb05c0f3526d65b0b92b1afa715 22-Apr-2002 des <des@FreeBSD.org> Usage style sweep: spell "usage" with a small 'u'.
Also change one case of blatant __progname abuse (several more remain)
This commit does not touch anything in src/{contrib,crypto,gnu}/.
2328ceabcafef80785f95e6e10f8be4b84bb590b 24-Jun-2001 dd <dd@FreeBSD.org> Add missing includes and sort includes.
e3cab8dc0ccb8294d22f3d896a277e5404f8d59b 24-Jun-2001 dd <dd@FreeBSD.org> Include missing header files which define functions for which gcc has
builtins (e.g., exit, strcmp).
b42951578188c5aab5c9f8cbcde4a743f8092cdc 02-Apr-2000 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'ALSA'.
b364262c2eaf35eea8405454f53263cd494036f2 19-Sep-1999 phk <phk@FreeBSD.org> Add a version number field to the jail(2) argument so that future changes
can be handled intelligently.

WARNING: you will need to reinstall #includes and recompile jail(8).
efabb9ccb197b05958967dd035c279ba3bc19cb0 28-Aug-1999 peter <peter@FreeBSD.org> $Id$ -> $FreeBSD$
16a5877732447857117321cb1c7e70f451d91c97 05-May-1999 phk <phk@FreeBSD.org> Various cosmetics.

Submitted by: Rudolf Cejka <cejkar@dcse.fee.vutbr.cz>
Reviewed by: phk
592151ff9360b8e4ee79e512d69dd84bd934ec05 04-May-1999 phk <phk@FreeBSD.org> Fix various bogons.

Submitted by: Rudolf Cejka <cejkar@dcse.fee.vutbr.cz>
Reviewed by: phk
ca21a25f173ed030b0093e4d83140e3b0b43db01 28-Apr-1999 phk <phk@FreeBSD.org> This Implements the mumbled about "Jail" feature.

This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

I have no scripts for setting up a jail, don't ask me for them.

The IP number should be an alias on one of the interfaces.

mount a /proc in each jail, it will make ps more useable.

/proc/<pid>/status tells the hostname of the prison for
jailed processes.

Quotas are only sensible if you have a mountpoint per prison.

There are no provisions for stopping resource-hogging.

Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/