Sorry for the stupid question, but I just realised that I'm unable
to know the real value of a specific parameter. For example,
I know that the allow.raw_sockets is set to "1" for the jail "jtest01",
because I set so in the /etc/jail.conf file, but when I type the sysctl
command inside the jail, it tells me that the value is "0" (which
I guess is the default value).
>> How can I get real jail.param values for a specific running jail?
> Replying to my own question... I just fount that it's possible to
> know it from the host with the command jls(8). Here is an example:
> root@host01:~ # jls -nj jtest01 allow.raw_sockets
> Someone can tell me if it is possible to get the same info by issuing
> a command inside the jail?
A note on your original question: the security.jail.param.* sysctls are
dummies, just there to tell jail(8) (and anyone else who cares) about
the available parameters.
For the current question, I'm afraid the answer is no. While many
(most?) parameters are fine to know, the idea is that there are security
considerations to knowing some things about your own prison. So this
inability is a conscious decision. As to whether there actually *are*
any security considerations to knowing about yourself, that may be
something of an open question. Certainly the things you can test in
other ways (like allow.raw_sockets) aren't a concern.