os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Minor edits for punctuation and clarity. Space callouts to align evenly

Browse source 
so they do not look like part of the content.

Reviewed by:	bjk, db (clarity of "what is a jail" part only)
This commit is contained in:
Warren Block 2013-06-25 02:50:16 +00:00
parent cee551b9fc
commit eab87bb917
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=42035
1 changed files with 9 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
en_US.ISO8859-1/books/handbook/jails/chapter.xml
View file

@ -173,7 +173,7 @@
For that reason, compromising a service running in a chrooted For that reason, compromising a service running in a chrooted
environment should not allow the attacker to compromise the environment should not allow the attacker to compromise the
entire system. The &man.chroot.8; utility is good for easy entire system. The &man.chroot.8; utility is good for easy
tasks, which do not require a lot of flexibility or complex and tasks which do not require much flexibility or complex,
advanced features. Since the inception of the advanced features. Since the inception of the
chroot concept, however, many ways have been found to escape from a chroot concept, however, many ways have been found to escape from a
chrooted environment and, although they have been fixed in chrooted environment and, although they have been fixed in
@ -185,7 +185,7 @@
<emphasis>jails</emphasis> were developed.</para> <emphasis>jails</emphasis> were developed.</para>
<para>Jails improve on the concept of the traditional <para>Jails improve on the concept of the traditional
&man.chroot.2; environment, in several ways. In a traditional &man.chroot.2; environment in several ways. In a traditional
&man.chroot.2; environment, processes are only limited in the &man.chroot.2; environment, processes are only limited in the
part of the file system they can access. The rest of the system part of the file system they can access. The rest of the system
resources (like the set of system users, the running processes, resources (like the set of system users, the running processes,
@ -225,9 +225,8 @@
<listitem> <listitem>
<para>A command &mdash; the path name of an executable to run <para>A command &mdash; the path name of an executable to run
inside the jail. This is relative to the root directory of inside the jail. The path name is relative to the root directory of
the jail environment, and may vary a lot, depending on the the jail environment.</para>
type of the specific jail environment.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -257,12 +256,12 @@
the procedure for building a jail:</para> the procedure for building a jail:</para>
<screen>&prompt.root; <userinput>setenv D <replaceable>/here/is/the/jail</replaceable></userinput> <screen>&prompt.root; <userinput>setenv D <replaceable>/here/is/the/jail</replaceable></userinput>
&prompt.root; <userinput>mkdir -p $D</userinput> <co id="jailpath"/> &prompt.root; <userinput>mkdir -p $D</userinput> <co id="jailpath"/>
&prompt.root; <userinput>cd /usr/src</userinput> &prompt.root; <userinput>cd /usr/src</userinput>
&prompt.root; <userinput>make buildworld</userinput> <co id="jailbuildworld"/> &prompt.root; <userinput>make buildworld</userinput> <co id="jailbuildworld"/>
&prompt.root; <userinput>make installworld DESTDIR=$D</userinput> <co id="jailinstallworld"/> &prompt.root; <userinput>make installworld DESTDIR=$D</userinput> <co id="jailinstallworld"/>
&prompt.root; <userinput>make distribution DESTDIR=$D</userinput> <co id="jaildistrib"/> &prompt.root; <userinput>make distribution DESTDIR=$D</userinput> <co id="jaildistrib"/>
&prompt.root; <userinput>mount -t devfs devfs $D/dev</userinput> <co id="jaildevfs"/></screen> &prompt.root; <userinput>mount -t devfs devfs $D/dev</userinput> <co id="jaildevfs"/></screen>
<calloutlist> <calloutlist>
<callout arearefs="jailpath"> <callout arearefs="jailpath">