From owner-freebsd-jail@FreeBSD.ORG Sun Jul 19 20:41:17 2009 Return-Path: Delivered-To: freebsd-jail@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B42D8106566B; Sun, 19 Jul 2009 20:41:17 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 8B6868FC16; Sun, 19 Jul 2009 20:41:17 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n6JKfHnm091783; Sun, 19 Jul 2009 20:41:17 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n6JKfHY0091779; Sun, 19 Jul 2009 20:41:17 GMT (envelope-from linimon) Date: Sun, 19 Jul 2009 20:41:17 GMT Message-Id: <200907192041.n6JKfHY0091779@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/136899: [jail] [lor] upd/jail LOR after reboot X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Jul 2009 20:41:18 -0000 Old Synopsis: upd/jail LOR after reboot New Synopsis: [jail] [lor] upd/jail LOR after reboot Responsible-Changed-From-To: freebsd-bugs->freebsd-jail Responsible-Changed-By: linimon Responsible-Changed-When: Sun Jul 19 20:40:50 UTC 2009 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=136899 From owner-freebsd-jail@FreeBSD.ORG Mon Jul 20 11:06:58 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 96AFD1065674 for ; Mon, 20 Jul 2009 11:06:58 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 848DE8FC1C for ; Mon, 20 Jul 2009 11:06:58 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n6KB6wMu002335 for ; Mon, 20 Jul 2009 11:06:58 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n6KB6vQ5002331 for freebsd-jail@FreeBSD.org; Mon, 20 Jul 2009 11:06:57 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 20 Jul 2009 11:06:57 GMT Message-Id: <200907201106.n6KB6vQ5002331@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jul 2009 11:06:58 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/136899 jail [jail] [lor] upd/jail LOR after reboot o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 5 problems total. From owner-freebsd-jail@FreeBSD.ORG Tue Jul 21 21:44:31 2009 Return-Path: Delivered-To: jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 87D80106564A for ; Tue, 21 Jul 2009 21:44:31 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from gritton.org (gritton.org [161.58.222.4]) by mx1.freebsd.org (Postfix) with ESMTP id 5340C8FC15 for ; Tue, 21 Jul 2009 21:44:30 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from guppy.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24]) (authenticated bits=0) by gritton.org (8.13.6.20060614/8.13.6) with ESMTP id n6LLiUrE021090 for ; Tue, 21 Jul 2009 15:44:30 -0600 (MDT) Message-ID: <4A6636B8.9050204@FreeBSD.org> Date: Tue, 21 Jul 2009 15:44:24 -0600 From: Jamie Gritton User-Agent: Thunderbird 2.0.0.19 (X11/20090109) MIME-Version: 1.0 To: jail@FreeBSD.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Jail parameter patch: disable/new/inherit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jul 2009 21:44:31 -0000 There's a patch to Current at http://gritton.org/freebsd/triple.diff that makes some small changes to the new parameter based jail system. I invite any interested in the future direction of jails to review it before it goes in (hopefully in the next day or two). This patch deals with jailed subsystems that may or may not be virtualized. At first, there was a boolean to describe this situation: for example in the VIMAGE kernels, the setting "vnet" parameter would create a jail with a virtual network stack. But there's more than just virtual or not. In particular there are three things that can be done with a particular subsystem: "disable": Don't use the subsystem at all in a jail. For example, if you create a jail with "ip6=disable", that jail won't be able to use IPv6 sockets, as if it were a system without INET6 defined in the kernel. "new": Create a new virtual instance of the subsystem in the jail. What constitutes a new instance will vary, but it generally means the jail is treated in some way different from the rest of the system. Setting "ip6=new" will restrict IPv6 addresses (to the contents of the list specified by "ip6.addr" which should also be set). Setting "host=new" will let a jail set its own hostname (and related data) separately from the rest of the system. Setting "vnet=new" will create a new network stack for the jail. "inherit": This is the default state, and means the jail is treated the same as the rest of the system. There's no difference between a jailed and non-jailed process as far as that subsystem is concerned. A jail with "ip6=inherit" would allow the full use of the available IPv6 addresses. As yet, this is just a structural/name change. It will become important as other features are added to the jail system, including any modules that want to have jail support. - Jamie From owner-freebsd-jail@FreeBSD.ORG Fri Jul 24 16:11:12 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 837C4106568F for ; Fri, 24 Jul 2009 16:11:12 +0000 (UTC) (envelope-from scheidell@secnap.net) Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [204.89.241.253]) by mx1.freebsd.org (Postfix) with ESMTP id 425668FC1F for ; Fri, 24 Jul 2009 16:11:12 +0000 (UTC) (envelope-from scheidell@secnap.net) Received: from localhost (mx1.secnap.com.ionspam.net [204.89.241.253]) by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 41DE6E65D15; Fri, 24 Jul 2009 12:11:11 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secnap.net; h= content-type:in-reply-to:references:subject:mime-version :user-agent:from:date:message-id; s=dkim; t=1248451870; x= 1250266270; bh=rS4ITaFrNJe8FRSJrvVdafFeJGBFZ7MgUpIP1ZI3Q74=; b=Z uAZUEM3I7bLs2TzjvPSoGJ9FdX149mQVTiJTc2AmahVcMg4Sl3VVLvkUD8s8ZgNs 615IXug7ibXrHj3kJB+AsYB1xF9Otccm+rsS7AUrJKC2qYIQdYTTRmFlht8bykX8 VL/Y7AoFiJejdHKv0pAjGtw4vqpB/othlLvhRYyY50= X-Amavis-Modified: Mail body modified (using disclaimer) - mx1.secnap.com.ionspam.net X-Virus-Scanned: SpammerTrap(r) VPS-1500 2.03 at mx1.secnap.com.ionspam.net Received: from secnap3.secnap.com (secnap3.secnap.com [204.89.241.130]) by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 1FBB2E65D09; Fri, 24 Jul 2009 12:11:10 -0400 (EDT) Received: from Mikes-Laptop.local ([10.70.3.3]) by secnap3.secnap.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Fri, 24 Jul 2009 12:11:09 -0400 Message-ID: <4A69DD4A.60406@secnap.net> Date: Fri, 24 Jul 2009 12:11:54 -0400 From: Michael Scheidell User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605) MIME-Version: 1.0 To: "Brian A. Seklecki" References: <4A55055D.8030902@secnap.net> <1248451401.24024.1262.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> In-Reply-To: <1248451401.24024.1262.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> X-OriginalArrivalTime: 24 Jul 2009 16:11:09.0858 (UTC) FILETIME=[5B76F820:01CA0C79] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-jail@FreeBSD.org Subject: Re: ssl accelerator cards and jail? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Jul 2009 16:11:13 -0000 Brian A. Seklecki wrote: > On Wed, 2009-07-08 at 16:45 -0400, Michael Scheidell wrote: > >> has anyone done any work with hardware ssl accelerator cards and freebsd? >> >> > > I'm pretty sure. Because it is a;; one kernel, the userland->kernel > sysctls just fall through to the host. > > I've been meaning to try the VMWare ESXi 4.0 PCI card passthrough > feature. > > Let me pass my Sun Crypto 1000 (BCM5921/23) through to a Jailhost > FreeBSD 7.2, then try it within a jail. Should be quite a head trip. > > thanks. maybe I'll look into one of those and give it a try on 7.1 (worries me that 7.2 has a shorted lifespan than 7.1...) -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _________________________________________________________________________ From owner-freebsd-jail@FreeBSD.ORG Fri Jul 24 16:18:28 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9382C106566C for ; Fri, 24 Jul 2009 16:18:28 +0000 (UTC) (envelope-from seklecki@noc.cfi.pgh.pa.us) Received: from mx04.pub.collaborativefusion.com (mx04.pub.collaborativefusion.com [206.210.72.84]) by mx1.freebsd.org (Postfix) with ESMTP id 54A4D8FC17 for ; Fri, 24 Jul 2009 16:18:28 +0000 (UTC) (envelope-from seklecki@noc.cfi.pgh.pa.us) Received: from [192.168.2.161] ([206.210.89.202]) by mx04.pub.collaborativefusion.com (StrongMail Enterprise 4.1.1.4(4.1.1.4-47689)); Fri, 24 Jul 2009 11:45:45 -0400 X-VirtualServerGroup: Default X-MailingID: 00000::00000::00000::00000::::22 X-SMHeaderMap: mid="X-MailingID" X-Destination-ID: freebsd-jail@FreeBSD.org X-SMFBL: ZnJlZWJzZC1qYWlsQEZyZWVCU0Qub3Jn DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=noc.cfi.pgh.pa.us; s=noc_cfi_pgh_pa_us_key_dkim; l=606; t=1248450345; i=@noc.cfi.pgh.pa.us; h=Subject:From:To:Cc: In-Reply-To:References:Content-Type:Date:Message-Id:Mime-Version: X-Mailer:Content-Transfer-Encoding; bh=0Kz434xDmEcY0w722wh/0TSB4 8c=; b=BVd1s1qDatvvm+ailXKU6K6bnPyb9sbG/J4x0q4LBi32SQbYX2z6p+eii SzPVWbhoQMcEqNyYZmYMyGWmRe1H5cBQygFsg5scV9JJdZ6hez++P+YEWlzqeb/k xaJFpH9 From: "Brian A. Seklecki" To: Michael Scheidell In-Reply-To: <4A55055D.8030902@secnap.net> References: <4A55055D.8030902@secnap.net> Content-Type: text/plain Date: Fri, 24 Jul 2009 12:03:21 -0400 Message-Id: <1248451401.24024.1262.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> Mime-Version: 1.0 X-Mailer: Evolution 2.26.3 (2.26.3-1.fc11) Content-Transfer-Encoding: 7bit Cc: freebsd-jail@FreeBSD.org Subject: Re: ssl accelerator cards and jail? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Jul 2009 16:18:28 -0000 On Wed, 2009-07-08 at 16:45 -0400, Michael Scheidell wrote: > has anyone done any work with hardware ssl accelerator cards and freebsd? > I'm pretty sure. Because it is a;; one kernel, the userland->kernel sysctls just fall through to the host. I've been meaning to try the VMWare ESXi 4.0 PCI card passthrough feature. Let me pass my Sun Crypto 1000 (BCM5921/23) through to a Jailhost FreeBSD 7.2, then try it within a jail. Should be quite a head trip. ~BAS > specifically, freebsd 7.1 amd64? > > and, is it transparent in 'jail' so all jailed servers can use the one card? > > From owner-freebsd-jail@FreeBSD.ORG Fri Jul 24 20:25:48 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EA3681065672 for ; Fri, 24 Jul 2009 20:25:48 +0000 (UTC) (envelope-from seklecki@noc.cfi.pgh.pa.us) Received: from mx04.pub.collaborativefusion.com (mx04.pub.collaborativefusion.com [206.210.72.84]) by mx1.freebsd.org (Postfix) with ESMTP id 63DA18FC1F for ; Fri, 24 Jul 2009 20:25:48 +0000 (UTC) (envelope-from seklecki@noc.cfi.pgh.pa.us) Received: from [192.168.2.161] ([206.210.89.202]) by mx04.pub.collaborativefusion.com (StrongMail Enterprise 4.1.1.4(4.1.1.4-47689)); Fri, 24 Jul 2009 16:08:09 -0400 X-VirtualServerGroup: Default X-MailingID: 00000::00000::00000::00000::::24 X-SMHeaderMap: mid="X-MailingID" X-Destination-ID: freebsd-jail@FreeBSD.org X-SMFBL: ZnJlZWJzZC1qYWlsQEZyZWVCU0Qub3Jn DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=noc.cfi.pgh.pa.us; s=noc_cfi_pgh_pa_us_key_dkim; l=425; t=1248466089; i=@noc.cfi.pgh.pa.us; h=Subject:From:To:Cc: In-Reply-To:References:Content-Type:Date:Message-Id:Mime-Version: X-Mailer:Content-Transfer-Encoding; bh=n8i5bVxo2y/iejhgxxql4j0zz QE=; b=rkHMXLukGsEDbBgINxVu+Hg2PM1IItKmdsmTSFt/pPq0S1hHl4vVHNhsP w9iJsI18sxCitDpbqQvdGr/hzo0r6mY5ishEK2w3fYPXLGXmVmiS6sksO5s3uq1t 7CApgHj From: "Brian A. Seklecki" To: Michael Scheidell In-Reply-To: <4A69DD4A.60406@secnap.net> References: <4A55055D.8030902@secnap.net> <1248451401.24024.1262.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> <4A69DD4A.60406@secnap.net> Content-Type: text/plain Date: Fri, 24 Jul 2009 16:25:46 -0400 Message-Id: <1248467146.24024.2056.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> Mime-Version: 1.0 X-Mailer: Evolution 2.26.3 (2.26.3-1.fc11) Content-Transfer-Encoding: 7bit Cc: freebsd-jail@FreeBSD.org Subject: Re: ssl accelerator cards and jail? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Jul 2009 20:25:49 -0000 On Fri, 2009-07-24 at 12:11 -0400, Michael Scheidell wrote: > thanks. maybe I'll look into one of those and give it a try on 7.1 > (worries me that 7.2 has a shorted lifespan than 7.1...) That's by design per the releng document. Hey, my ESXi 4.0 machine is PCI-Express only. My Broadcom cards are 32bit PCI-X. I had a PCI-E but had to return it as a demo. Give me a few days to hack some testing together. ~BAS