xenial (1) rsbac_jail.1.gz

Provided by: rsbac-admin_1.4.0-repack-0ubuntu5_amd64 bug

NAME

       rsbac_jail - put program into RSBAC jail

SYNOPSIS

       rsbac_jail [-vilnrao] {path} {IP} {prog} [args]

DESCRIPTION

       All  Linux  kernels provide the chroot system call to confine a process in a subdirectory. Unfortunately,
       this does not protect the system from root processes, and it can  be  broken  out  of.  The  JAIL  module
       extends  the  chroot  system  call  functionality to provide a superset of the FreeBSD jail functionality
       (except individual kernel level hostnames).

       This program will put the process into a jail with chroot to path, ip address IP and  then  execute  prog
       with args.

       See appropriate RSBAC documentation about for JAIL module details.

OPTIONS

       -v     verbose program output

       -i     allow access to IPC outside this jail

       -l     allow jailed processes to change their rlimits

       -n     allow all network families, not only UNIX and INET (IPv4)

       -r     allow INET (IPv4) raw sockets (e.g. for ping)

       -a     auto-adjust INET any address 0.0.0.0 to jail address, if set

       -o     additionally allow to/from remote INET (IPv4) address 127.0.0.1

AUTHOR

       Amon Ott <ao@rsbac.org>.