NAME

       rsbac_jail - put program into RSBAC jail

SYNOPSIS

       rsbac_jail [-vilnrao] {path} {IP} {prog} [args]

DESCRIPTION

       All  Linux  kernels provide the chroot system call to confine a process in a subdirectory.
       Unfortunately, this does not protect the system from root processes, and it can be  broken
       out of. The JAIL module extends the chroot system call functionality to provide a superset
       of the FreeBSD jail functionality (except individual kernel level hostnames).

       This program will put the process into a jail with chroot to path, ip address IP and  then
       execute prog with args.

       See appropriate RSBAC documentation about for JAIL module details.

OPTIONS

       -v     verbose program output

       -i     allow access to IPC outside this jail

       -l     allow jailed processes to change their rlimits

       -n     allow all network families, not only UNIX and INET (IPv4)

       -r     allow INET (IPv4) raw sockets (e.g. for ping)

       -a     auto-adjust INET any address 0.0.0.0 to jail address, if set

       -o     additionally allow to/from remote INET (IPv4) address 127.0.0.1

AUTHOR

       Amon Ott <ao@rsbac.org>.