rsbac_jail

Langue: en

Version: May 2003 (ubuntu - 07/07/09)

Section: 1 (Commandes utilisateur)

NAME

rsbac_jail - put program into RSBAC jail

SYNOPSIS

rsbac_jail [-vilnrao] {path} {IP} {prog} [args]

DESCRIPTION

All Linux kernels provide the chroot system call to confine a process in a subdirectory. Unfortunately, this does not protect the system from root processes, and it can be broken out of. The JAIL module extends the chroot system call functionality to provide a superset of the FreeBSD jail functionality (except individual kernel level hostnames).

This program will put the process into a jail with chroot to path, ip address IP and then execute prog with args.

See appropriate RSBAC documentation about for JAIL module details.

OPTIONS

-v
verbose program output
-i
allow access to IPC outside this jail
-l
allow jailed processes to change their rlimits
-n
allow all network families, not only UNIX and INET (IPv4)
-r
allow INET (IPv4) raw sockets (e.g. for ping)
-a
auto-adjust INET any address 0.0.0.0 to jail address, if set
-o
additionally allow to/from remote INET (IPv4) address 127.0.0.1

AUTHOR

Amon Ott <ao@rsbac.org>.