download

Chapter 5As you have noticed from the above example, each active jail is identified by a JailIdentifier (JID) number. The JID number is used to refer to the running jails in thevarious utilities.As the host system's administrator, you don't need to log into each jail to run aspecific command. This is possible using the jexec(8) utility. This utility lets thehost system's administrator run any command in an active jail (identified by JID)from the host.# jexec 1 ls.cshrc bin etc libexec proc sbin usr.profile boot home media rescue sys varCOPYRIGHT dev lib mnt root tmpWhile running jails on a system, you may see different outputs in various processmanagement utilities. Using ps(1), the most important change you will see isJ flag in the STAT column of the imprisoned processes. You can easily identifywhether a process is running in jail using the ps command. This is shown in thefollowing command:# ps ax | grep ssh821 ?? Is 0:00.00 /usr/sbin/sshd1044 ?? IsJ 0:00.00 /usr/sbin/sshdIn the above example, the process with PID 821 is sshd that is running on the hostsystem while the second instance (PID 1044) is the one running inside a jail.You can also send signals to the imprisoned processes using pkill(1) andkillall(1) commands. In order to signal an imprisoned process, the JID of jailshould be specified by the -j argument:# pkill -HUP -j 1 sshdThis will send the HUP signal to the sshd process, which is running, to the jailwith JID 1.# pkill –HUP –j any sshdThe above example sends the HUP signal to the imprisoned sshd processes in anyrunning jail.And to kill any process running inside a specific jail, you may use thefollowing command:# killall –j 1[ 83 ]