NAME
rsbac_jail - put program into RSBAC jail
SYNOPSIS
rsbac_jail [-vilnrao] {path} {IP} {prog} [args]
DESCRIPTION
All Linux kernels provide the chroot system call to confine a process
in a subdirectory. Unfortunately, this does not protect the system from
root processes, and it can be broken out of. The JAIL module extends
the chroot system call functionality to provide a superset of the
FreeBSD jail functionality (except individual kernel level hostnames).
This program puts the process into a jail with chroot to path and IP
address IP, and then executes prog with args.
See the appropriate RSBAC documentation for JAIL module details.
OPTIONS
-v verbose program output
-i allow access to IPC outside this jail
-l allow jailed processes to change their rlimits
-n allow all network families, not only UNIX and INET (IPv4)
-r allow INET (IPv4) raw sockets (e.g. for ping)
-a auto-adjust INET any address 0.0.0.0 to jail address, if set
-o additionally allow to/from remote INET (IPv4) address 127.0.0.1
AUTHOR
Amon Ott <ao@rsbac.org>.