auth/box: build restricted namespaces using components from the parent.

author: Jacob Moody <moody@posixcafe.org> 2022-06-07 05:38:08 +0000
committer: Jacob Moody <moody@posixcafe.org> 2022-06-07 05:38:08 +0000
commit: 056ad652a41fde51755aedb8119b37fe5946b12c (patch)
tree: 2ecb31ea6377c356ec010ebc954b46c60f2b829a /sys/man
parent: f4840cdba548979969cb2ad25b4c6acbc3e63f8c (diff)
1 files changed, 37 insertions, 0 deletions
diff --git a/sys/man/8/auth b/sys/man/8/auth
index e6c3c343d..fcfe8fcc9 100644
--- a/sys/man/8/auth
+++ b/sys/man/8/auth
@@ -60,6 +60,20 @@ changeuser, convkeys, printnetkey, status, enable, disable, authsrv, guard.srv,
 .I arg
 \&...
 .PP
+.B auth/box
+[
+.B -d
+] [
+.B -rc
+.I file
+] [
+.B -e
+.I devs
+]
+.I command
+.I arg
+\&...
+.PP
 .B auth/as
 [
 .B -d
@@ -264,6 +278,29 @@ If there are no arguments, it
 It's an easy way to run a command as
 .IR none .
 .PP
+.I Box
+sets up a restricted namespace and
+.IR exec's
+its arguments as the user
+.IR none .
+Components of the current namespace are bound
+into the child namespace with the
+.B -r 
+and 
+.B -c
+flags, using either
+.I MREPL 
+or
+.I MCREATE
+respectively. The only components
+in the child namespace will be those
+defined this way.
+By default all further kernel driver
+access is blocked. The
+.B -e
+flag specifies a string of driver
+characters to keep in the child namespace.
+.PP
 .I As
 executes
 .I command
author	Jacob Moody <moody@posixcafe.org>	2022-06-07 05:38:08 +0000
committer	Jacob Moody <moody@posixcafe.org>	2022-06-07 05:38:08 +0000
commit	056ad652a41fde51755aedb8119b37fe5946b12c (patch)
tree	2ecb31ea6377c356ec010ebc954b46c60f2b829a /sys/man
parent	f4840cdba548979969cb2ad25b4c6acbc3e63f8c (diff)