From: sjg Date: Tue, 12 Jun 2012 17:16:56 +0000 (-0700) Subject: removed X-Git-Url: https://gitweb.dragonflybsd.org/ikiwiki.git/commitdiff_plain/bc2bc303703290f51b64a6f55f2f941b0c98d77f removed --- diff --git a/docs/handbook/handbook-jails-tuning.mdwn b/docs/handbook/handbook-jails-tuning.mdwn deleted file mode 100644 index 9b7536e4..00000000 --- a/docs/handbook/handbook-jails-tuning.mdwn +++ /dev/null 
@@ -1,77 +0,0 @@ - - -# 12.5 Fine Tuning and Administration - - - - There are several options which can be set for any jail, and various ways of combining a host DragonFly system with jails, to produce higher level applications. This section presents some of the options available for tuning the behavior and security restrictions implemented by a jail installation. - - - -## 12.5.1 System tools for jail tuning in DragonFly - - - - Fine tuning of a jail's configuration is mostly done by setting [sysctl(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#sysctl§ion8) variables. A special subtree of sysctl exists as a basis for organizing all the relevant options: the ***securityjail*** hierarchy of DragonFly kernel options. Here is a list of the main jail-related sysctls, complete with their default value. Names should be self-explanatory, but for more information about them, please refer to the [jail(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=jail§ion=8) and [sysctl(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=sysctl§ion=8) manual pages. - - - - -* jail.set_hostname_allowed: 1 - - -* jail.socket_unixiproute_only: 1 - - -* jail.sysvipc_allowed: 0 - - -* jail.enforce_statfs: 2 - - -* jail.allow_raw_sockets: 0 - - -* jail.chflags_allowed: 0 - - -* jail.jailed: 0 - - - -These variables can be used by the system administrator of the host system to add or remove some of the limitations imposed by default on the root user. Note that there are some limitations which cannot be removed. The root user is not allowed to mount or unmount file systems from within a [jail(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#jail§ion8). The root inside a jail may not set firewall rules or do many other administrative tasks which require modifications of in-kernel data, such as setting the securelevel of the kernel. 
- - - -*** - - The base system of DragonFly contains a basic set of tools for viewing information about the active jails, and attaching to a jail to run administrative commands. The [jls(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#jls§ion8) and [jexec(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=jexec§ion=8) commands are part of the base DragonFly system, and can be used to perform the following simple tasks: - - - - - -* Print a list of active jails and their corresponding jail identifier (JID), IP address, hostname and path. - - - - - - -* Attach to a running jail, from its host system, and run a command inside the jail or perform administrative tasks inside the jail itself. This is especially useful when the root user wants to cleanly shut down a jail. The [jexec(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#jexec§ion8) utility can also be used to start a shell in a jail to do administration in it; for example: - - -*** - *** - - - # jexec 1 tcsh - - - - - ----- - - -
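Review bot: The single hunk (@@ -1,77 +0,0 @@) deletes all of handbook-jails-tuning.mdwn, but the commit message says only "removed", with no reason given and no pointer to where the material now lives. The deleted section 12.5.1 is the part that lists the jail sysctl defaults (jail.sysvipc_allowed: 0, jail.allow_raw_sockets: 0, jail.chflags_allowed: 0, jail.enforce_statfs: 2 and the rest). It also states which restrictions on root inside a jail cannot be lifted: mounting and unmounting file systems, setting firewall rules, and changing the kernel securelevel. That is reference material an administrator uses when deciding how far to relax a jail. Please say in the commit message whether the page was moved, merged into another page or dropped as obsolete, and name the replacement if there is one. If the text is carried over elsewhere, two defects visible in the removed lines should be fixed in the destination. The hierarchy is written as "securityjail" while the list uses "jail." names. Several manual-page links are malformed, for example "web-man?command#sysctl§ion8" and "web-man?command=jail§ion=8".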