xref: /dflybsd-src/lib/libc/sys/jail.2 (revision 86d7f5d305c6adaa56ff4582ece9859d73106103)

.\"
.\"----------------------------------------------------------------------------
.\""THE BEER-WARE LICENSE" (Revision 42):
.\"<phk@FreeBSD.ORG> wrote this file.  As long as you retain this notice you
.\"can do whatever you want with this stuff. If we meet some day, and you think
.\"this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
.\"----------------------------------------------------------------------------
.\"
.\"$FreeBSD: src/lib/libc/sys/jail.2,v 1.10.2.10 2002/12/12 05:26:38 trhodes Exp $
.\"$DragonFly: src/lib/libc/sys/jail.2,v 1.11 2007/11/21 19:12:40 swildner Exp $
.\"
.Dd April 28, 1999
.Dt JAIL 2
.Os
.Sh NAME
.Nm jail
.Nd imprison current process and future descendants
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/jail.h
.Ft int
.Fn jail "struct jail *jail"
.Sh DESCRIPTION
The
.Nm
system call sets up a jail and locks the current process in it.
.Pp
The argument is a pointer to a structure describing the prison:
.Bd -literal -offset indent
struct jail {
	uint32_t	version;
	char 		*path;
	char 		*hostname;
	uint32_t	n_ips;
	struct sockaddr_storage *ips;
};
.Ed
.Pp
.Dq Li version
defines the version of the API in use.  It should be set to 1 at this time.
.Pp
The
.Dq Li path
pointer should be set to the directory which is to be the root of the
prison.
.Pp
The
.Dq Li hostname
pointer can be set to the hostname of the prison.  This can be changed
from the inside of the prison.
.Pp
.Dq Li n_ips
is the number of IP addresses that are on ips.
.Pp
The
.Dq ips
pointer contains the IP addresses assigned to the jail.
.Sh PRISON
Once a process has been put in a prison, it and its descendants cannot escape
the prison.
A process can be attached to a prison by calling
.Xr jail_attach 2 .
.Pp
Inside the prison, the concept of "superuser" is very diluted.  In general,
it can be assumed that nothing can be mangled from inside a prison which
does not exist entirely inside that prison.  For instance the directory
tree below
.Dq Li path
can be manipulated all the ways a root can normally do it, including
.Dq Li "rm -rf /*"
but new device special nodes cannot be created because they reference
shared resources (the device drivers in the kernel).
.Pp
All IP activity will be forced to happen to/from the IP numbers specified,
which should be an alias on one or more of the network interfaces.
.Pp
It is possible to identify a process as jailed by examining
.Dq Li /proc/<pid>/status :
it will show a field near the end of the line, either as
a single hyphen for a process at large, or the hostname currently
set for the prison for jailed processes.
.Pp
The program
.Xr jls 8
ca be used to identify all active jails.
.Sh RETURN VALUES
If successful,
.Fn jail
returns a non-negative integer, termed the jail identifier (JID).
It returns -1 on failure, and sets
.Va errno
to indicate the error.
.Sh ERRORS
The
.Fn jail
system call will fail if:
.Bl -tag -width Er
.It Bq Er EINVAL
The version number of the argument is not correct.
.El
.Pp
Further
.Fn jail
calls
.Xr chroot 2
internally, so it can fail for all the same reasons.
Please consult the
.Xr chroot 2
manual page for details.
.Sh SEE ALSO
.Xr chdir 2 ,
.Xr chroot 2 ,
.Xr jail_attach 2 ,
.Xr jail 8 ,
.Xr jexec 8 ,
.Xr jls 8
.Sh HISTORY
The
.Fn jail
function call appeared in
.Fx 4.0 .
.Sh AUTHORS
The jail feature was written by
.An Poul-Henning Kamp
for R&D Associates
.Dq Pa http://www.rndassociates.com/
who contributed it to
.Fx .