diff options
| author | Antoine Brodin <antoine@FreeBSD.org> | 2018-07-29 12:41:56 +0000 |
|---|---|---|
| committer | Antoine Brodin <antoine@FreeBSD.org> | 2018-07-29 12:41:56 +0000 |
| commit | ccd6ac9f6e5c1f92c0ce92de1f037a1b5d7716cb (patch) | |
| tree | 862506675d558cefa879d5d9ae9f69877d7fc805 /usr.sbin/jail/jail.8 | |
| parent | fc67c746c0555b7425e5d81c7a5802e1071d75bb (diff) | |
| download | src-ccd6ac9f6e5c1f92c0ce92de1f037a1b5d7716cb.tar.gz src-ccd6ac9f6e5c1f92c0ce92de1f037a1b5d7716cb.zip | |
Add allow.mlock to jail parameters
It allows locking or unlocking physical pages in memory within a jail
This allows running elasticsearch with "bootstrap.memory_lock" inside a jail
Reviewed by: jamie@
Differential Revision: https://reviews.freebsd.org/D16342
Notes
Notes:
svn path=/head/; revision=336868
Diffstat (limited to 'usr.sbin/jail/jail.8')
| -rw-r--r-- | usr.sbin/jail/jail.8 | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 54f6577edab5..2420733f37f3 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 20, 2018 +.Dd July 29, 2018 .Dt JAIL 8 .Os .Sh NAME @@ -553,6 +553,16 @@ with non-jailed parts of the system. Sockets within a jail are normally restricted to IPv4, IPv6, local (UNIX), and route. This allows access to other protocol stacks that have not had jail functionality added to them. +.It Va allow.mlock +Locking or unlocking physical pages in memory are normally not available +within a jail. +When this parameter is set, users may +.Xr mlock 2 +or +.Xr munlock 2 +memory subject to +.Va security.bsd.unprivileged_mlock +and resource limits. .It Va allow.reserved_ports The jail root may bind to ports lower than 1024. .El |