mirror of https://github.com/RGBCube/serenity synced 2025-07-27 07:57:46 +00:00

Kernel: Allow configuring a Jail to not impose PID isolation restriction

This is quite useful for userspace applications that can't cope with the
restriction, but it's still useful to impose other non-configurable
restrictions by using jails.
Liav A 2023-01-12 22:47:09 +02:00 committed by Jelle Raaijmakers
parent cf8875426d
commit 8289759f1d
11 changed files with 62 additions and 23 deletions

@ -12,9 +12,16 @@ $ jail-create <name>
`jail-create` creates a new jail, with a specified name
## Options
* `-p`, `--pid-isolation`: Use PID-isolation (as a custom isolation option)
## Examples
```sh
# Create jail with the name "test-jail"
# Create jail with the name "test-jail", with no PID isolation
$ jail-create test-jail
# Create jail with the name "test-jail", with PID isolation
$ jail-create -p test-jail
```
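
Review bot: The `-p` entry under Options ("Use PID-isolation (as a custom isolation option)") never states what happens without the flag, and the examples are the only place a reader learns that a plain `jail-create test-jail` now means "with no PID isolation". Since the commit title describes this as letting a jail not impose a restriction it otherwise imposes, the man page should say explicitly that PID isolation is off by default and that scripts which relied on the process view being isolated must now pass `-p`. It would also help to replace "as a custom isolation option" with a short statement of what the flag restricts, so the entry can be read without the security documentation at hand.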


@ -95,7 +95,7 @@ Kernel: Add a basic implementation of unveil()
`jails` are mitigation originating from FreeBSD.
It allows a program to be placed inside a lightweight OS-level virtualization environment.
Current restrictions on jailed processes:
Current restrictions on jailed processes (configurable when creating a Jail):
- Process ID view isolation, being limited (both in `/proc` and `/sys/kernel/processes`) to only processes that share the same jail.
Special restrictions on filesystem also apply:
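
Review bot: The reworded heading "Current restrictions on jailed processes (configurable when creating a Jail):" reads as if every restriction listed under it can be switched off, while the commit message says the other restrictions remain non-configurable and the "Special restrictions on filesystem" text that follows is left unchanged. Suggest keeping the heading as it was and putting the qualifier on the PID bullet itself, for example "Process ID view isolation (optional, selected at jail creation)", together with a note that it is not applied unless requested. That keeps the mitigation list accurate for readers assessing what a jail guarantees by default.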