From owner-soc-status@freebsd.org Mon Jun 17 14:55:18 2019
From: Shivank Garg
Date: Mon, 17 Jun 2019 20:17:40 +0530
Subject: [GSoC'19 Weekly Update] MAC policy on IP addresses in Jail
To: soc-status@freebsd.org

Hi, Everyone!

This project is aimed at developing a loadable MAC module with the TrustedBSD MAC Framework to limit the set of IP addresses a VNET-enabled Jail can choose from.

This Week-
- I compiled a basic MAC policy module which restricts setting a Jail's IP address.
- Read about sysctl.
- Wrote a test shell script and test cases for the module.
- I thought about the design and plausible improvements in design.

Do check this project on GitHub:
https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl
FreeBSD wiki:
https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail

Please feel free to share your ideas and feedback on this project.

Regards,
Shivank Garg

From owner-soc-status@freebsd.org Tue Jun 18 19:29:31 2019
From: Theron Tarigo
Date: Tue, 18 Jun 2019 12:20:52 -0700
Subject: GSoC: Separation of Ports Build Process from Local Installation
To: soc-status@freebsd.org
Message-ID: <4e83fb7b-da83-b833-e66c-7275fb26b4df@freebsd.org>

Hello all,

This project aims to decouple the build process of the ports framework from the local installation.

This past week, I have made the following progress:
- Modified bsd.port.mk to behave as follows:
  * All built dependencies of a port are installed to ${PORTBLDROOT} (=${PORTSDIR}/build on my test system).
  * Ports resolve dependencies to ${PORTBLDROOT} instead of to the local system.
  * All port-building operations (configure, make, make install, etc.) are run in a chroot, in which ${LOCALBASE} is mapped to ${PORTBLDROOT}${LOCALBASE} and the base system is mapped as-is.
- Added hooks to several Mk/Uses/* and ports to allow switching to the chroot where appropriate (far from complete).
- Successfully compiled a handful of ports (including C libraries, GNU build tools, perl modules, and python modules) under this modified system.

The next goal is to replace the chroot with an equivalent solution in userspace (a BSD implementation similar to "fakechroot"), to eliminate the requirement of superuser intervention.

An overview of the progress and issues is kept at https://wiki.freebsd.org/SummerOfCode2019Projects/PortsSeparatedBuild.

Theron Tarigo
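
The path mapping described in the ports report above (${LOCALBASE} backed by ${PORTBLDROOT}${LOCALBASE}, base system as-is), as an added sketch that is not code from the project or the original messages: the translation step a userspace chroot replacement would need, matching on whole path components and normalizing ".." so a build-side path cannot slip out of the build root. The function names map_path and normalize_path are hypothetical, and the /usr/local and /usr/ports defaults are assumptions.

```shell
#!/bin/sh
# Added illustration, not project code. map_path and normalize_path are
# hypothetical names; the defaults below are assumptions.
LOCALBASE=${LOCALBASE:-/usr/local}
PORTSDIR=${PORTSDIR:-/usr/ports}
PORTBLDROOT=${PORTBLDROOT:-$PORTSDIR/build}

# Lexically normalize an absolute path: drop empty and "." components and
# resolve ".." without climbing above "/". Symlinks are not resolved.
# The body runs in a subshell so the IFS and noglob changes do not leak.
normalize_path() (
    out=
    IFS=/
    set -f
    for c in $1; do
        case $c in
            ''|.) ;;
            ..) out=${out%/*} ;;
            *) out=$out/$c ;;
        esac
    done
    printf '%s\n' "${out:-/}"
)

# Translate a path as seen by the build into the host path that backs it.
# Only LOCALBASE itself or paths below it are redirected; a sibling such
# as /usr/localfoo is left alone because the match is per component.
map_path() {
    p=$(normalize_path "$1")
    case $p in
        "$LOCALBASE"|"$LOCALBASE"/*) printf '%s\n' "$PORTBLDROOT$p" ;;
        *) printf '%s\n' "$p" ;;
    esac
}

# Constructed sample paths.
for sample in /usr/local/bin/perl /usr/localfoo/x \
    /usr/local/../bin/sh /usr/lib/../local/lib/libz.so; do
    printf '%s -> %s\n' "$sample" "$(map_path "$sample")"
done
```

Normalizing before matching is what keeps /usr/local/../bin/sh on the base-system side and sends /usr/lib/../local/lib/libz.so to the build root; a real interposer would also have to account for symlinks, which this lexical version does not.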