forked from freebsd/freebsd-src
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathjail.3
283 lines (283 loc) · 6.83 KB
/
jail.3
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
.\" Copyright (c) 2009 James Gritton.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd August 31, 2010
.Dt JAIL 3
.Os
.Sh NAME
.Nm jail_getid ,
.Nm jail_getname ,
.Nm jail_setv ,
.Nm jail_getv ,
.Nm jailparam_all ,
.Nm jailparam_init ,
.Nm jailparam_import ,
.Nm jailparam_import_raw ,
.Nm jailparam_set ,
.Nm jailparam_get ,
.Nm jailparam_export ,
.Nm jailparam_free
.Nd create and manage system jails
.Sh LIBRARY
.Lb libjail
.Sh SYNOPSIS
.In sys/param.h
.In sys/jail.h
.In jail.h
.Vt extern char jail_errmsg[] ;
.Ft int
.Fn jail_getid "const char *name"
.Ft char *
.Fn jail_getname "int jid"
.Ft int
.Fn jail_setv "int flags" ...
.Ft int
.Fn jail_getv "int flags" ...
.Ft int
.Fn jailparam_all "struct jailparam **jpp"
.Ft int
.Fn jailparam_init "struct jailparam *jp" "const char *name"
.Ft int
.Fn jailparam_import "struct jailparam *jp" "const char *value"
.Ft int
.Fn jailparam_import_raw "struct jailparam *jp" "void *value" "size_t valuelen"
.Ft int
.Fn jailparam_set "struct jailparam *jp" "unsigned njp" "int flags"
.Ft int
.Fn jailparam_get "struct jailparam *jp" "unsigned njp" "int flags"
.Ft char *
.Fn jailparam_export "struct jailparam *jp"
.Ft void
.Fn jailparam_free "struct jailparam *jp" "unsigned njp"
.Sh DESCRIPTION
The
.Nm jail
library is an interface to the
.Xr jail_set 2
and
.Xr jail_get 2
system calls, and the
.Va security.jail.param
MIB entries.
It simplifies the conversion of prison parameters between internal and
string formats, allowing the setting and querying of prisons without
knowing the parameter formats.
.Pp
The
.Fn jail_getid
function returns the JID of the jail identified by
.Fa name ,
or \-1 if the jail does not exist.
.Pp
The
.Fn jail_getname
function returns the name of the jail identified by
.Fa jid ,
or
.Dv NULL
if the jail does not exist.
.Pp
The
.Fn jail_setv
function takes a null-terminated list of name and value strings,
and passes it to
.Xr jail_set 2 .
.Pp
The
.Fn jail_getv
function takes a null-terminated list of name and value strings,
and passes it to
.Xr jail_get 2 .
It is the caller's responsibility to ensure that the value strings point
to buffers large enough to hold the string representation of the
returned parameters.
.Pp
The
.Fn jailparam_all
function sets
.Fa jpp
to a list of all known jail parameters, and returns the number of
parameters.
The list should later be freed with
.Fn jailparam_free
and
.Xr free 3 .
.Pp
The
.Fn jailparam_init
function clears a parameter record and copies the
.Fa name
to it.
After use, it should be freed with
.Fn jailparam_free .
.Pp
The
.Fn jailparam_import
function adds a
.Fa value
to a parameter record, converting it from a string to its native form.
The
.Fn jailparam_import_raw
function adds a value without performing any conversion.
.Pp
The
.Fn jailparam_set
function passes a list of parameters to
.Xr jail_set 2 .
The parameters are assumed to have been created with
.Fn jailparam_init
and
.Fn jailparam_import .
.Pp
The
.Fn jailparam_get
function passes a list of parameters to
.Xr jail_get 2 .
The parameters are assumed to have been created with
.Fn jailparam_init
or
.Fn jailparam_list ,
with one parameter (the key) having been given a value with
.Fn jailparam_import .
.Pp
The
.Fn jailparam_export
function returns the string equivalent of a parameter value.
The returned string should be freed after use.
.Pp
The
.Fn jailparam_free
function frees the stored names and values in a parameter list.
If the list itself came from
.Fn jailparam_all ,
it should be freed as well.
.Sh RETURN VALUES
The
.Fn jail_getid ,
.Fn jail_setv ,
.Fn jail_getv ,
.Fn jailparam_set
and
.Fn jailparam_get
functions return a JID on success, or \-1 on error.
.Pp
The
.Fn jail_getname
and
.Fn jailparam_export
functions return a dynamically allocated string on success, or
.Dv NULL
on error.
.Pp
The
.Fn jailparam_all
function returns the number of parameters on success, or \-1 on error.
.Pp
The
.Fn jailparam_init ,
.Fn jailparam_import
and
.Fn jailparam_import_raw
functions return 0 on success, or \-1 on error.
.Pp
Whenever an error is returned,
.Va errno
is set, and the global string
.Va jail_errmsg
contains a description of the error, possibly from
.Xr jail_set 2
or
.Xr jail_get 2 .
.Sh EXAMPLES
Set the hostname of jail
.Dq foo
to
.Dq foo.bar :
.Bd -literal -offset indent
jail_setv(JAIL_UPDATE, "name", "foo", "host.hostname", "foo.bar",
NULL);
.Ed
.Pp
OR:
.Bd -literal -offset indent
struct jailparam params[2];
jailparam_init(¶ms[0], "name");
jailparam_import(¶ms[0], "foo");
jailparam_init(¶ms[1], "host.hostname");
jailparam_import(¶ms[1], "foo.bar");
jailparam_set(params, 2, JAIL_UPDATE);
jailparam_free(params, 2);
.Ed
.Pp
Retrieve the hostname of jail
.Dq foo :
.Bd -literal -offset indent
char hostname[MAXHOSTNAMELEN];
jail_getv(0, "name", "foo", "host.hostname", hostname, NULL);
.Ed
.Pp
OR:
.Bd -literal -offset indent
struct jailparam params[2];
jailparam_init(¶ms[0], "name");
jailparam_import(¶ms[0], "foo");
jailparam_init(¶ms[1], "host.hostname");
jailparam_get(params, 2, 0);
hostname = jailparam_export(¶ms[1]);
jailparam_free(params, 2);
\&...
free(hostname);
.Ed
.Sh ERRORS
The
.Nm jail
functions may return errors from
.Xr jail_set 2 ,
.Xr jail_get 2 ,
.Xr malloc 3
or
.Xr sysctl 3 .
In addition, the following errors are possible:
.Bl -tag -width Er
.It Bq Er EINVAL
A parameter value cannot be converted from the passed string to its
internal form.
.It Bq Er ENOENT
The named parameter does not exist.
.It Bq Er ENOENT
A parameter is of an unknown type.
.El
.Sh SEE ALSO
.Xr jail 2 ,
.Xr sysctl 3 ,
.Xr jail 8
.Sh HISTORY
The
.Nm jail
library first appeared in
.Fx 8.0 .
.Sh AUTHORS
.An James Gritton