Minor edits for punctuation and clarity. Space callouts to align evenly
so they do not look like part of the content. Reviewed by: bjk, db (clarity of "what is a jail" part only)
This commit is contained in:
Warren Block
parent
cee551b9fc
commit
eab87bb917
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=42035
1 changed files with 9 additions and 10 deletions
|
|
@ -173,7 +173,7 @@
|
|||
For that reason, compromising a service running in a chrooted
|
||||
environment should not allow the attacker to compromise the
|
||||
entire system. The &man.chroot.8; utility is good for easy
|
||||
tasks, which do not require a lot of flexibility or complex and
|
||||
tasks which do not require much flexibility or complex,
|
||||
advanced features. Since the inception of the
|
||||
chroot concept, however, many ways have been found to escape from a
|
||||
chrooted environment and, although they have been fixed in
|
||||
|
|
@ -185,7 +185,7 @@
|
|||
<emphasis>jails</emphasis> were developed.</para>
|
||||
|
||||
<para>Jails improve on the concept of the traditional
|
||||
&man.chroot.2; environment, in several ways. In a traditional
|
||||
&man.chroot.2; environment in several ways. In a traditional
|
||||
&man.chroot.2; environment, processes are only limited in the
|
||||
part of the file system they can access. The rest of the system
|
||||
resources (like the set of system users, the running processes,
|
||||
|
|
@ -225,9 +225,8 @@
|
|||
|
||||
<listitem>
|
||||
<para>A command — the path name of an executable to run
|
||||
inside the jail. This is relative to the root directory of
|
||||
the jail environment, and may vary a lot, depending on the
|
||||
type of the specific jail environment.</para>
|
||||
inside the jail. The path name is relative to the root directory of
|
||||
the jail environment.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
|
|
@ -257,12 +256,12 @@
|
|||
the procedure for building a jail:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>setenv D <replaceable>/here/is/the/jail</replaceable></userinput>
|
||||
&prompt.root; <userinput>mkdir -p $D</userinput> <co id="jailpath"/>
|
||||
&prompt.root; <userinput>mkdir -p $D</userinput> <co id="jailpath"/>
|
||||
&prompt.root; <userinput>cd /usr/src</userinput>
|
||||
&prompt.root; <userinput>make buildworld</userinput> <co id="jailbuildworld"/>
|
||||
&prompt.root; <userinput>make installworld DESTDIR=$D</userinput> <co id="jailinstallworld"/>
|
||||
&prompt.root; <userinput>make distribution DESTDIR=$D</userinput> <co id="jaildistrib"/>
|
||||
&prompt.root; <userinput>mount -t devfs devfs $D/dev</userinput> <co id="jaildevfs"/></screen>
|
||||
&prompt.root; <userinput>make buildworld</userinput> <co id="jailbuildworld"/>
|
||||
&prompt.root; <userinput>make installworld DESTDIR=$D</userinput> <co id="jailinstallworld"/>
|
||||
&prompt.root; <userinput>make distribution DESTDIR=$D</userinput> <co id="jaildistrib"/>
|
||||
&prompt.root; <userinput>mount -t devfs devfs $D/dev</userinput> <co id="jaildevfs"/></screen>
|
||||
|
||||
<calloutlist>
|
||||
<callout arearefs="jailpath">
|
||||
|
|
|
|||
Loading…
Reference in a new issue