doc/ja_JP.eucJP/man/man8/jail.8
2000-07-13 03:28:50 +00:00

.\"
.\"Copyright (c) 2000 Robert N. M. Watson
.\"All rights reserved.
.\"
.\"Redistribution and use in source and binary forms, with or without
.\"modification, are permitted provided that the following conditions
.\"are met:
.\"1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\"THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\"ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\"IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\"ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\"FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\"DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\"OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\"HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\"LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\"OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\"SUCH DAMAGE.
.\"
.\"
.\"----------------------------------------------------------------------------
.\""THE BEER-WARE LICENSE" (Revision 42):
.\"<phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
.\"can do whatever you want with this stuff. If we meet some day, and you think
.\"this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
.\"----------------------------------------------------------------------------
.\"
.\"%FreeBSD: src/usr.sbin/jail/jail.8,v 1.13.2.2 2000/07/08 14:43:34 dannyboy Exp %
.\"
.Dd April 28, 1999
.\" jpman %Id: jail.8,v 1.3 2000/05/22 03:23:14 takamune Stab %
.Dt JAIL 8
.Os FreeBSD 4.0
.Sh NAME
.Nm jail
.Nd imprison a process and its descendants
.Sh SYNOPSIS
.Nm jail
.Ar path
.Ar hostname
.Ar ip-number
.Ar command
.Ar ...
.Sh DESCRIPTION
The
.Nm
command imprisons a process and all of its future descendants.
.Pp
Please see the
.Xr jail 2
manual page for further details.
.Sh EXAMPLES
.Ss Setting Up a Jail Directory Tree
This example shows how to build a jail directory tree:
.Bd -literal
D=/here/is/the/jail
cd /usr/src
make hierarchy DESTDIR=$D
make obj
make depend
make all
make install DESTDIR=$D
cd etc
make distribution DESTDIR=$D NO_MAKEDEV=yes
cd $D/dev
sh MAKEDEV jail
cd $D
ln -sf dev/null kernel
.Ed
.Ss Setting Up a Jail
To build the jail directory tree, carry out the steps described in
.Sx Setting Up a Jail Directory Tree .
This example assumes that the tree is built in
.Pa /data/jail/192.168.11.100 ,
named for the jailed IP address.
From here on, substitute the directory, IP address, and hostname that you need.
.Pp
First, make the real system's environment
.Dq jail-friendly .
For consistency, the parent physical machine is called the
.Dq host environment
and the jailed virtual machine is called the
.Dq jail environment .
Because jail is implemented using IP aliases,
one of the first things to do is to disable IP services on the host system
that listen on all local IP addresses.
This means, for example, changing
.Xr inetd 8
so that it listens only on the appropriate IP address.
Add the following settings to
.Pa /etc/rc.conf
in the host environment:
.Bd -literal -offset indent
sendmail_enable="NO"
inetd_flags="-wW -a 192.168.11.23"
portmap_enable="NO"
syslogd_flags="-ss"
.Ed
.Pp
In this example,
.Li 192.168.11.23
is the native IP address of the host system.
Daemons that run from
.Xr inetd 8
can easily be configured to use the specified host IP address.
Other daemons need to be configured by hand: for some this is possible through
.Xr rc.conf 5
flags entries, but for others it requires editing per-application
configuration files or recompiling.
Applications that cannot be told which IP address to run on
are better disabled, if possible.
.Pp
Many of the daemons that ship with the base system
can have problems when run from a jail in a jail-centric environment.
These include
.Xr syslogd 8 ,
.Xr sendmail 8 ,
.Xr named 8 ,
and
.Xr portmap 8 .
sendmail and named can be configured through their own configuration files
to listen only on a specific IP address, but in most cases it is easier
simply to run these daemons only inside jails and not in the host environment.
syslogd cannot be configured to bind to a single IP address only,
but the ``-ss'' argument can be used to keep it from binding to a network port.
Attempting to serve NFS from the host environment may cause confusion,
and NFS cannot easily be reconfigured to use only specific IP addresses,
because some NFS services are run directly by the kernel.
Any third-party network software running in the host environment
should also be checked and configured so that it does not bind to all IP addresses.
Binding to all of them would result in these services also
appearing to be offered by the jail environments.
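.Pp
An added example, not part of the original manual page: a sh function that checks a host rc.conf for the four settings shown above. The function names are this example's own, and reporting a variable that is missing from the file as not hardened is an assumption of the example.

```sh
#!/bin/sh
# Added example, not from the manual page. The function names are this
# example's own. A variable missing from FILE is reported as not hardened
# (assumption: the system default cannot be seen from rc.conf alone).

# want_no NAME VALUE: report NAME unless VALUE is "NO" in any letter case.
want_no() {
    case "$2" in
        [Nn][Oo]) ;;
        *) echo "$1=${2:-<unset>}: set to NO on the host" ;;
    esac
}

# audit_host_rc FILE: print one line per setting that leaves a host daemon
# listening on every local address, including the jail's IP alias.
# FILE is sourced (as rc does), so point it only at a root-owned rc.conf and
# give a path containing a slash. The body is a subshell, so sourcing FILE
# cannot alter the caller's variables.
audit_host_rc() (
    unset sendmail_enable portmap_enable inetd_flags syslogd_flags
    . "$1" || exit 2
    want_no sendmail_enable "$sendmail_enable"
    want_no portmap_enable "$portmap_enable"
    # inetd must be given -a followed by an address, not another flag.
    case " $inetd_flags " in
        *" -a "[!-]*) ;;
        *) echo "inetd_flags=$inetd_flags: add -a <host address>" ;;
    esac
    # syslogd cannot bind to one address; -ss keeps it off the network.
    case " $syslogd_flags " in
        *" -ss "*) ;;
        *) echo "syslogd_flags=$syslogd_flags: add -ss" ;;
    esac
)
```

Run it as audit_host_rc /etc/rc.conf in the host environment; no output means all four settings match the example above.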
.Pp
Once these daemons have been disabled or fixed in the host environment,
it is best to reboot so that all daemons are in a known state.
This reduces the potential for later confusion
(for example, when mail is sent to a jail whose sendmail is down
and is delivered to the host instead).
.Pp
When starting a jail for the first time, do not configure the network interface.
This lets you clean things up a little and set up accounts first.
As with any machine (virtual or not),
you will need to set information such as the root password and the time zone.
Before starting, copying
.Xr sysinstall 8
into the jail tree makes this configuration easier.
Do so as follows:
.Bd -literal -offset indent
# mkdir /data/jail/192.168.11.100/stand
# cp /stand/sysinstall /data/jail/192.168.11.100/stand
.Ed
.Pp
Then start the jail:
.Bd -literal -offset indent
# jail /data/jail/192.168.11.100 testhostname 192.168.11.100 /bin/sh
.Ed
.Pp
Assuming no errors, you end up at a shell prompt inside the jail.
From here, you can run
.Pa /stand/sysinstall
and use its post-install configuration to set the various configuration options.
You can also achieve the same result by editing rc.conf and similar files by hand.
.Pp
.Bl -bullet -offset indent -compact
.It
Create an empty /etc/fstab to quell the startup warnings about fstab.
.It
Disable the port mapper (rc.conf: portmap_enable="NO").
.It
Run
.Xr newaliases 1
to quell the sendmail warnings.
.It
Disable interface configuration to quell the ifconfig-related startup warnings
(network_interfaces="").
.It
Configure /etc/resolv.conf so that name resolution works correctly inside the jail.
.It
Set a root password.
It may differ from that of the real host system.
.It
Set the time zone.
.It
Add user accounts for the users of the jail environment.
.It
Install any packages that the jail environment requires.
.El
.Pp
Also perform any package-specific configuration (web servers, SSH servers, and so on),
adjust /etc/syslog.conf so that it logs the way you want, and so on.
.Pp
Exiting the shell shuts the jail down.
.Ss Starting the Jail
You are now ready to restart the jail
and bring up the environment with all of its daemons and other programs.
To do this, first bring up the virtual host's interface,
then run the jail's
.Pa /etc/rc
script from within the jail.
.Pp
Note: if you plan to allow untrusted users root access inside the jail,
consider setting jail.set_hostname_allowed to 0.
See the management section for why this is a good idea.
If you decide to set this variable,
it must be set before any jail is started, and once on each boot.
.Bd -literal -offset indent
# ifconfig ed0 inet alias 192.168.11.100 netmask 255.255.255.255
# mount -t procfs proc /data/jail/192.168.11.100/proc
# jail /data/jail/192.168.11.100 testhostname 192.168.11.100 \\
/bin/sh /etc/rc
.Ed
.Pp
A few warnings are displayed, because most
.Xr sysctl 8
configuration variables cannot be set from within the jail:
these variables are global across all jail environments and the host environment.
Everything should nevertheless work properly.
You can confirm that
.Xr inetd 8 ,
.Xr syslogd 8 ,
and other processes are running inside the jail by using
.Xr ps 1 ,
which shows the
.Dq J
flag beside jailed processes.
You can telnet to the jailed environment by hostname or IP address
and log in using the accounts created in the preceding steps.
.Ss Managing the Jail
Normal machine shutdown commands, such as
.Xr halt 8 ,
.Xr reboot 8 ,
and
.Xr shutdown 8 ,
do not work properly inside a jail.
To kill all processes in a jail, log in to the jail as root
and use one of the following commands, depending on what you want to do:
.Pp
.Bl -bullet -offset indent -compact
.It
.Li kill -TERM -1
.It
.Li kill -KILL -1
.El
.Pp
This sends the
.Dq TERM
or
.Dq KILL
signal to all processes in the jail, from within the jail.
Depending on what the jail is used for, you may also want to run
.Pa /etc/rc.shutdown
inside the jail.
There is currently no way to insert a new process into a jail,
so you must log in to the jail before performing these actions.
.Pp
To kill processes from outside the jail,
you must identify the PID of each process to be killed.
The last field of the
.Pa /proc/ Ns Va pid Ns Pa /status
file contains the hostname of the jail in which the process is running, or
.Dq -
to indicate that the process is not running inside a jail.
The
.Xr ps 1
command also shows the
.Dq J
flag for processes in a jail.
However, because the jail's hostname can by default be changed from within the jail,
the status entry in
.Pa /proc
is unreliable by default.
To forbid setting the hostname from within a jail, set the sysctl variable
.Dq Va jail.set_hostname_allowed
to 0 in the host environment.
This affects all jails.
.Xr sysctl.conf 5
can be used to apply this sysctl setting on every boot.
Simply add the following line to sysctl.conf:
.Bd -literal -offset indent
jail.set_hostname_allowed=0
.Ed
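.Pp
An added example, not part of the original manual page: sh functions that read the last field of each status file to list a jail's PIDs from the host, and to flag jailed processes that report a hostname the administrator did not assign. The function names and the sample records are constructed for this example; on a host, PROCDIR is /proc with procfs mounted.

```sh
#!/bin/sh
# Added example, not from the manual page. Function names are this
# example's own; only the last field of a status line is interpreted.

# status_host FILE: last field of a procfs status file, that is, the jail
# hostname, or "-" for a process that is not jailed.
status_host() { awk 'NR == 1 { print $NF }' "$1"; }

# pid_of FILE: the pid component of PROCDIR/pid/status.
pid_of() { p=${1%/status}; echo "${p##*/}"; }

# jail_pids PROCDIR HOSTNAME: pids whose status reports HOSTNAME.
jail_pids() {
    for f in "$1"/[0-9]*/status; do
        [ -r "$f" ] || continue
        if [ "$(status_host "$f")" = "$2" ]; then pid_of "$f"; fi
    done
}

# unexpected_hosts PROCDIR HOST...: "pid hostname" for each jailed process
# whose hostname is not one the host administrator started. While
# jail.set_hostname_allowed is 1, a renamed jail shows up here and is
# missed by jail_pids.
unexpected_hosts() {
    dir=$1; shift
    for f in "$dir"/[0-9]*/status; do
        [ -r "$f" ] || continue
        h=$(status_host "$f"); known=no
        for e in - "$@"; do
            if [ "$h" = "$e" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then echo "$(pid_of "$f") $h"; fi
    done
}

# make_sample DIR: constructed stand-in for /proc with four processes.
make_sample() {
    while read -r pid host; do
        mkdir -p "$1/$pid"
        echo "proc$pid $pid 1 $pid $pid $host" > "$1/$pid/status"
    done <<EOF
87 -
214 testhostname
215 testhostname
300 renamed.example
EOF
}
```

Any output from unexpected_hosts /proc testhostname means the list from jail_pids is incomplete and the hostname setting should be locked down before relying on it.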
.Pp
In future versions of FreeBSD, the mechanisms for managing jails will be better.
.Sh SEE ALSO
.Xr chroot 2 ,
.Xr jail 2 ,
.Xr procfs 5 ,
.Xr rc.conf 5 ,
.Xr sysctl.conf 5 ,
.Xr halt 8 ,
.Xr inetd 8 ,
.Xr named 8 ,
.Xr portmap 8 ,
.Xr reboot 8 ,
.Xr sendmail 8 ,
.Xr shutdown 8 ,
.Xr sysctl 8 ,
.Xr syslogd 8
.Sh HISTORY
The
.Fn jail
function call first appeared in
.Fx 4.0 .
.Sh AUTHORS
The jail feature was written by
.An Poul-Henning Kamp
for R&D Associates
.Dq Li http://www.rndassociates.com/
and contributed to
.Fx .
.Pp
Robert Watson wrote the extra documentation, found a few bugs,
added a few new features, and cleaned up the userland jail environment.
.Sh BUGS
jail currently lacks strong management functionality.
This includes, for example, the ability to send signals to all processes in a jail
and to access specific jail information via
.Xr ps 1
as opposed to
.Xr procfs 5 .
It might also be a good idea to add an address alias flag,
so that daemons listening on all IP addresses (INADDR_ANY)
do not bind to addresses that have this flag.
This would make it possible to build a safe host environment
in which host daemons do not impose on services offered from within jails.
For now, the simplest answer is to minimize the services offered on the host,
perhaps limiting them to those offered from
.Xr inetd 8 ,
which is easily configurable.