From owner-soc-status@freebsd.org Mon Jul 1 14:25:19 2019
From: Shivank Garg
Date: Mon, 1 Jul 2019 19:54:58 +0530
Subject: [GSoC'19 Weekly Update] MAC policy on IP addresses in Jail
To: soc-status@freebsd.org, "Bjoern A. Zeeb"

Hi everyone!

This project is aimed at developing a loadable MAC module with "The TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled Jail can choose from.

This week I made the following progress:
* Converted the proposed policy into a data structure.
* Added a sysctl interface to take the input of the rules string.
* Added a string parser to parse that input string to fill the policy structure.

Do check this project on GitHub: https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl
FreeBSD wiki: https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail

Please feel free to share your ideas and feedback on this project.

Regards,
Shivank Garg

From owner-soc-status@freebsd.org Mon Jul 1 17:29:24 2019
To: soc-status@freebsd.org
From: Theron Tarigo
Subject: GSoC: Separation of Ports Build Process from Local Installation
Date: Mon, 1 Jul 2019 10:21:13 -0700

Hello all,

This project aims to decouple the build process of the ports framework from the local installation. To work around the assumptions made by ports about dependency file locations, a userspace tool to remap processes' filesystem namespaces is under development.

This past week, I have made the following progress:
- Filesystem namespace intercept tool now redirects paths to shared object files read by rtld.
- Fixed several problems with running programs under the namespace tool.
- Developed a plan for providing correct ldconfig behavior for programs run as part of port building.

What I am working on next:
- Implement ldconfig fix.
- Create a port of freebsd-user-namespace to be used by ports framework, similarly to how ports-mgmt/pkg is used.
- Set up automated testing of ports to assess progress and catch regressions.

Project goals and status are kept at https://wiki.freebsd.org/SummerOfCode2019Projects/PortsSeparatedBuild .
Source of the userspace filesystem namespace tool is shared at https://github.com/therontarigo/freebsd-user-namespace .
Changes to ports framework are shared at https://github.com/freebsd/freebsd-ports/compare/master...therontarigo:master .

Theron Tarigo