run-jail.py with the dictionary jail_flags self.jail_flags = {
"allow-dev-read": "-d", "allow-dev-write": "-D", "allow-external-ipc": "-i", "allow-all-net-family": "-n", "allow-inet-raw": "-r", "allow-tty-open": "-t", "allow-inet-localhost": "-o", "allow-dev-get-status": "-e", "allow-dev-mod-system": "-E", "allow-mount": "-u", "allow-suid": "-s", "allow-ipc-parent": "-P", "allow-ipc-syslog": "-y", "this-is-syslog": "-Y", "verbose": "-v", "private-namespace": "-N" }
rsbac_jail flags_options:
\- only for wiki to display it correct -i = allow access to IPC outside this jail, -P = allow access to IPC in the parent jail, -y = allow access to IPC in the syslog jail, -Y = this is the syslog jail, -n = allow all network families, not only UNIX and INET (IPv4), -r = allow INET (IPv4) raw sockets (e.g. for ping), -a = auto-adjust INET any address 0.0.0.0 to jail address, if set, -o = additionally allow to/from remote INET (IPv4) address 127.0.0.1 -d = allow read access on devices -D = allow write access on devices -e = allow GET_STATUS_DATA on devices -E allow MODIFY_SYSTEM_DATA -t = allow *_OPEN on tty devices -s = allow to create with / set mode to suid -u = allow to mount/umount