From owner-freebsd-virtualization@FreeBSD.ORG Mon Sep 6 11:07:07 2010 Return-Path: Delivered-To: freebsd-virtualization@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 958601065695 for ; Mon, 6 Sep 2010 11:07:07 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 830778FC1D for ; Mon, 6 Sep 2010 11:07:07 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o86B77LF011939 for ; Mon, 6 Sep 2010 11:07:07 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o86B76kL011937 for freebsd-virtualization@FreeBSD.org; Mon, 6 Sep 2010 11:07:06 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 6 Sep 2010 11:07:06 GMT Message-Id: <201009061107.o86B76kL011937@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-virtualization@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-virtualization@FreeBSD.org X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Sep 2010 11:07:07 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/148155 virtualization[vimage] Kernel panic with PF/IPFilter + VIMAGE kernel s kern/143808 virtualization[pf] pf does not work inside jail 2 problems total. From owner-freebsd-virtualization@FreeBSD.ORG Tue Sep 7 16:50:07 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F287C10656B6 for ; Tue, 7 Sep 2010 16:50:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [IPv6:2001:4068:10::3]) by mx1.freebsd.org (Postfix) with ESMTP id AB6518FC1A for ; Tue, 7 Sep 2010 16:50:07 +0000 (UTC) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 121CD41C7C8 for ; Tue, 7 Sep 2010 18:50:07 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([192.168.74.103]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id C1IqzojK2DiE for ; Tue, 7 Sep 2010 18:50:06 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 48CC141C7DB; Tue, 7 Sep 2010 18:50:06 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id AD7AC4448F3 for ; Tue, 7 Sep 2010 16:49:43 +0000 (UTC) Date: Tue, 7 Sep 2010 16:49:43 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: FreeBSD virtualization mailing list Message-ID: <20100907164529.O31898@maildrop.int.zabbadoz.net> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: [patch] allow testing VIMAGE with pf in base system only X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Sep 2010 16:50:08 -0000 Hey, in a way to work on something I needed to be able to at least load pf on my VIMAGE development machine. So I quickly hacked together a patch that does exactly that. I hope it'll apply to HEAD or stable/8 but I didn't test on either. This will NOT allow you to use pf with jails+vnet but should allow using pf in the base system even if VIMAGE is enabled. In case it still panics for you, let me know and include a backtrace in your report. http://people.freebsd.org/~bz/20100907-01-pf-vnet0.diff /bz -- Bjoern A. Zeeb Welcome a new stage of life. From owner-freebsd-virtualization@FreeBSD.ORG Tue Sep 7 20:45:08 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0060A10656C6 for ; Tue, 7 Sep 2010 20:45:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [IPv6:2001:4068:10::3]) by mx1.freebsd.org (Postfix) with ESMTP id 7FB7D8FC0A for ; Tue, 7 Sep 2010 20:45:07 +0000 (UTC) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 0254D41C7CE for ; Tue, 7 Sep 2010 22:45:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([192.168.74.103]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id JmSdIt1FraSC for ; Tue, 7 Sep 2010 22:45:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 85FCA41C7C7; Tue, 7 Sep 2010 22:45:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 0BC214448F3 for ; Tue, 7 Sep 2010 20:40:46 +0000 (UTC) Date: Tue, 7 Sep 2010 20:40:46 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: FreeBSD virtualization mailing list In-Reply-To: <20100907164529.O31898@maildrop.int.zabbadoz.net> Message-ID: <20100907180934.R31898@maildrop.int.zabbadoz.net> References: <20100907164529.O31898@maildrop.int.zabbadoz.net> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Re: [patch] allow testing VIMAGE with pf in base system only X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Sep 2010 20:45:08 -0000 On Tue, 7 Sep 2010, Bjoern A. Zeeb wrote: Hey, > in a way to work on something I needed to be able to at least load pf > on my VIMAGE development machine. So I quickly hacked together a > patch that does exactly that. I hope it'll apply to HEAD or stable/8 > but I didn't test on either. > > This will NOT allow you to use pf with jails+vnet but should allow > using pf in the base system even if VIMAGE is enabled. In case it > still panics for you, let me know and include a backtrace in your > report. > > http://people.freebsd.org/~bz/20100907-01-pf-vnet0.diff even though the patch seems to apply cleanly to a stable/8 tree, here's the one from SVN on that rather than perfoce/HEAD: http://people.freebsd.org/~bz/20100907-02-pf-vnet0-8.diff It survives a GENERIC, LINT and LINT-VIMAGE build on RELENG_8 at least. /bz -- Bjoern A. Zeeb Welcome a new stage of life. From owner-freebsd-virtualization@FreeBSD.ORG Wed Sep 8 00:55:37 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0FA1F1065783; Wed, 8 Sep 2010 00:55:37 +0000 (UTC) (envelope-from az@delqn.com) Received: from a2s49.a2hosting.com (a2s49.a2hosting.com [216.119.129.2]) by mx1.freebsd.org (Postfix) with ESMTP id D9CEC8FC19; Wed, 8 Sep 2010 00:55:36 +0000 (UTC) Received: from adsl-99-35-27-117.dsl.sfldmi.sbcglobal.net ([99.35.27.117] helo=pelin.plex.com) by a2s49.a2hosting.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.69) (envelope-from ) id 1Ot8f6-0008MI-Ju; Tue, 07 Sep 2010 20:37:16 -0400 From: Delyan Raychev To: freebsd-virtualization-unsubscribe@freebsd.org In-Reply-To: <20100907164529.O31898@maildrop.int.zabbadoz.net> (Bjoern A. Zeeb's message of "Tue, 7 Sep 2010 16:49:43 +0000 (UTC)") Date: Tue, 07 Sep 2010 20:17:29 -0400 Message-ID: <874oe1f5ra.fsf@pelin.plex.com> References: <20100907164529.O31898@maildrop.int.zabbadoz.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - a2s49.a2hosting.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - delqn.com X-Source: X-Source-Args: X-Source-Dir: Cc: FreeBSD virtualization mailing list Subject: Re: [patch] allow testing VIMAGE with pf in base system only X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Sep 2010 00:55:37 -0000 From owner-freebsd-virtualization@FreeBSD.ORG Thu Sep 9 19:53:41 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0B34B10656CD for ; Thu, 9 Sep 2010 19:53:41 +0000 (UTC) (envelope-from luizgustavo@luizgustavo.pro.br) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 9CE2C8FC12 for ; Thu, 9 Sep 2010 19:53:40 +0000 (UTC) Received: by wwb18 with SMTP id 18so2150441wwb.31 for ; Thu, 09 Sep 2010 12:53:39 -0700 (PDT) MIME-Version: 1.0 Received: by 10.216.0.206 with SMTP id 56mr89458web.33.1284060151293; Thu, 09 Sep 2010 12:22:31 -0700 (PDT) Received: by 10.216.176.12 with HTTP; Thu, 9 Sep 2010 12:22:31 -0700 (PDT) In-Reply-To: <20100907164529.O31898@maildrop.int.zabbadoz.net> References: <20100907164529.O31898@maildrop.int.zabbadoz.net> Date: Thu, 9 Sep 2010 16:22:31 -0300 Message-ID: From: "Luiz Gustavo S. Costa" To: "Bjoern A. Zeeb" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: FreeBSD virtualization mailing list Subject: Re: [patch] allow testing VIMAGE with pf in base system only X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Sep 2010 19:53:41 -0000 Hi Bjoern, I just perform tests with your patch and it worked very well! thanks for the patch ... But I found something that may be unsafe within the jail environment, I'm allowed to change /dev/pf, so that if I run a "pfctl-f /etc/pf.conf" inside the jail to do with that the rules are read again, killing pf.conf on the main environment FreeBSD gugabsd.xxxx.com.br 8.1-STABLE FreeBSD 8.1-STABLE #1: Thu Sep 9 14:31:43 BRT 2010 root@gugabsd.xxxx.com.br:/usr/obj/usr/src/sys/GENERIC i386 Thanks 2010/9/7 Bjoern A. Zeeb : > Hey, > > in a way to work on something I needed to be able to at least load pf > on my VIMAGE development machine. =A0So I quickly hacked together a > patch that does exactly that. =A0I hope it'll apply to HEAD or stable/8 > but I didn't test on either. > > This will NOT allow you to use pf with jails+vnet but should allow > using pf in the base system even if VIMAGE is enabled. =A0In case it > still panics for you, let me know and include a backtrace in your > report. > > http://people.freebsd.org/~bz/20100907-01-pf-vnet0.diff > > /bz > > -- > Bjoern A. Zeeb =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0Welcome a new stage of life. > _______________________________________________ > freebsd-virtualization@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization > To unsubscribe, send any mail to > "freebsd-virtualization-unsubscribe@freebsd.org" > --=20 Luiz Gustavo Costa (Powered by BSD) *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ mundoUnix - Consultoria em Software Livre http://www.mundounix.com.br ICQ: 2890831 / MSN: contato@mundounix.com.br Tel: 55 Blog: http://www.luizgustavo.pro.br From owner-freebsd-virtualization@FreeBSD.ORG Thu Sep 9 20:05:07 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D7E5310656DC for ; Thu, 9 Sep 2010 20:05:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [IPv6:2001:4068:10::3]) by mx1.freebsd.org (Postfix) with ESMTP id 0A5018FC16 for ; Thu, 9 Sep 2010 20:05:07 +0000 (UTC) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 0B75341C7CD; Thu, 9 Sep 2010 22:05:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([192.168.74.103]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id ut1Hi34l8iCl; Thu, 9 Sep 2010 22:05:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 7729541C7CB; Thu, 9 Sep 2010 22:05:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 1238D4448F3; Thu, 9 Sep 2010 20:03:07 +0000 (UTC) Date: Thu, 9 Sep 2010 20:03:07 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: "Luiz Gustavo S. Costa" In-Reply-To: Message-ID: <20100909195951.S31898@maildrop.int.zabbadoz.net> References: <20100907164529.O31898@maildrop.int.zabbadoz.net> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: FreeBSD virtualization mailing list Subject: Re: [patch] allow testing VIMAGE with pf in base system only X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Sep 2010 20:05:09 -0000 On Thu, 9 Sep 2010, Luiz Gustavo S. Costa wrote: Hey, > But I found something that may be unsafe within the jail environment, > I'm allowed to change /dev/pf, so that if I run a "pfctl-f > /etc/pf.conf" inside the jail to do with that the rules are read > again, killing pf.conf on the main environment yes, see the comment at the top of the patch: ! You should not leak /dev/pf into jails for now or they might ! change your rules;-) See devfs, devfs.rules, etc. The jail startup script would usually apply the devfsrules_jail defines in /etc/defaults/devfs.rules. /bz -- Bjoern A. Zeeb Welcome a new stage of life. From owner-freebsd-virtualization@FreeBSD.ORG Thu Sep 9 20:10:50 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D8B4710656DD for ; Thu, 9 Sep 2010 20:10:50 +0000 (UTC) (envelope-from luizgustavo@luizgustavo.pro.br) Received: from mail-ew0-f54.google.com (mail-ew0-f54.google.com [209.85.215.54]) by mx1.freebsd.org (Postfix) with ESMTP id 74A4B8FC15 for ; Thu, 9 Sep 2010 20:10:50 +0000 (UTC) Received: by ewy4 with SMTP id 4so1437065ewy.13 for ; Thu, 09 Sep 2010 13:10:49 -0700 (PDT) MIME-Version: 1.0 Received: by 10.216.74.75 with SMTP id w53mr367320wed.86.1284063048437; Thu, 09 Sep 2010 13:10:48 -0700 (PDT) Received: by 10.216.176.12 with HTTP; Thu, 9 Sep 2010 13:10:48 -0700 (PDT) In-Reply-To: <20100909195951.S31898@maildrop.int.zabbadoz.net> References: <20100907164529.O31898@maildrop.int.zabbadoz.net> <20100909195951.S31898@maildrop.int.zabbadoz.net> Date: Thu, 9 Sep 2010 17:10:48 -0300 Message-ID: From: "Luiz Gustavo S. Costa" To: "Bjoern A. Zeeb" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: FreeBSD virtualization mailing list Subject: Re: [patch] allow testing VIMAGE with pf in base system only X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Sep 2010 20:10:50 -0000 lol .... in the rush to see the patch working not read the head of it :p has every reason only disable dev ;) 2010/9/9 Bjoern A. Zeeb : > On Thu, 9 Sep 2010, Luiz Gustavo S. Costa wrote: > > Hey, > >> But I found something that may be unsafe within the jail environment, >> I'm allowed to change /dev/pf, so that if I run a "pfctl-f >> /etc/pf.conf" inside the jail to do with that the rules are read >> again, killing pf.conf on the main environment > > yes, see the comment at the top of the patch: > > ! You should not leak /dev/pf into jails for now or they might > ! change your rules;-) > > See devfs, devfs.rules, etc. =A0 The jail startup script would usually > apply the devfsrules_jail defines in /etc/defaults/devfs.rules. > > /bz > > -- > Bjoern A. Zeeb =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0Welcome a new stage of life. > --=20 Luiz Gustavo Costa (Powered by BSD) *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ mundoUnix - Consultoria em Software Livre http://www.mundounix.com.br ICQ: 2890831 / MSN: contato@mundounix.com.br Tel: 55 Blog: http://www.luizgustavo.pro.br From owner-freebsd-virtualization@FreeBSD.ORG Thu Sep 9 21:15:03 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2753910656CB for ; Thu, 9 Sep 2010 21:15:03 +0000 (UTC) (envelope-from julian@elischer.org) Received: from out-0.mx.aerioconnect.net (outm.internet-mail-service.net [216.240.47.236]) by mx1.freebsd.org (Postfix) with ESMTP id C56C98FC08 for ; Thu, 9 Sep 2010 21:15:02 +0000 (UTC) Received: from idiom.com (postfix@mx0.idiom.com [216.240.32.160]) by out-0.mx.aerioconnect.net (8.13.8/8.13.8) with ESMTP id o89KvVMi023453; Thu, 9 Sep 2010 13:57:31 -0700 X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (64.1.209.194.ptr.us.xo.net [64.1.209.194]) by idiom.com (Postfix) with ESMTP id 10A9D2D6016; Thu, 9 Sep 2010 13:57:27 -0700 (PDT) Message-ID: <4C894A56.7040109@elischer.org> Date: Thu, 09 Sep 2010 13:57:58 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.9) Gecko/20100825 Thunderbird/3.1.3 MIME-Version: 1.0 To: "Luiz Gustavo S. Costa" References: <20100907164529.O31898@maildrop.int.zabbadoz.net> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.67 on 216.240.47.51 Cc: "Bjoern A. Zeeb" , FreeBSD virtualization mailing list Subject: Re: [patch] allow testing VIMAGE with pf in base system only X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Sep 2010 21:15:03 -0000 On 9/9/10 12:22 PM, Luiz Gustavo S. Costa wrote: > Hi Bjoern, > > I just perform tests with your patch and it worked very well! thanks > for the patch ... > > But I found something that may be unsafe within the jail environment, > I'm allowed to change /dev/pf, so that if I run a "pfctl-f > /etc/pf.conf" inside the jail to do with that the rules are read > again, killing pf.conf on the main environment there is a version of pf in the wings that actually knows about jails. This change is not to be confused with that. > > FreeBSD gugabsd.xxxx.com.br 8.1-STABLE FreeBSD 8.1-STABLE #1: Thu Sep > 9 14:31:43 BRT 2010 > root@gugabsd.xxxx.com.br:/usr/obj/usr/src/sys/GENERIC i386 > > Thanks > > 2010/9/7 Bjoern A. Zeeb: >> Hey, >> >> in a way to work on something I needed to be able to at least load pf >> on my VIMAGE development machine. So I quickly hacked together a >> patch that does exactly that. I hope it'll apply to HEAD or stable/8 >> but I didn't test on either. >> >> This will NOT allow you to use pf with jails+vnet but should allow >> using pf in the base system even if VIMAGE is enabled. In case it >> still panics for you, let me know and include a backtrace in your >> report. >> >> http://people.freebsd.org/~bz/20100907-01-pf-vnet0.diff >> >> /bz >> >> -- >> Bjoern A. Zeeb Welcome a new stage of life. >> _______________________________________________ >> freebsd-virtualization@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization >> To unsubscribe, send any mail to >> "freebsd-virtualization-unsubscribe@freebsd.org" >> > > > From owner-freebsd-virtualization@FreeBSD.ORG Fri Sep 10 05:19:51 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 29A76106567A for ; Fri, 10 Sep 2010 05:19:51 +0000 (UTC) (envelope-from pz-freebsd-virtualization@ziemba.us) Received: from ziemba.us (osmtp.ziemba.us [208.106.105.149]) by mx1.freebsd.org (Postfix) with ESMTP id B70168FC12 for ; Fri, 10 Sep 2010 05:19:50 +0000 (UTC) Received: from hairball.ziemba.us (localhost.ziemba.us [127.0.0.1]) by hairball.ziemba.us (8.14.3/8.14.3) with ESMTP id o8A4mC1H014661 for ; Thu, 9 Sep 2010 21:48:12 -0700 (PDT) (envelope-from pz-freebsd-virtualization@ziemba.us) Received: (from mailnull@localhost) by hairball.ziemba.us (8.14.3/8.14.3/Submit) id o8A4mAj3014659 for freebsd-virtualization@freebsd.org; Thu, 9 Sep 2010 21:48:10 -0700 (PDT) (envelope-from pz-freebsd-virtualization@ziemba.us) X-Authentication-Warning: hairball.ziemba.us: mailnull set sender to pz-freebsd-virtualization@ziemba.us using -f Received: (from news@localhost) by hairball.ziemba.us (8.14.3/8.14.3/Submit) id o8A4m9Hw014625 for treehouse-mail-freebsd-virtualization@hairball.treehouse.napa.ca.us; Thu, 9 Sep 2010 21:48:09 -0700 (PDT) (envelope-from news) From: "G. Paul Ziemba" To: freebsd-virtualization@freebsd.org Date: Fri, 10 Sep 2010 04:48:09 +0000 (UTC) Message-id: References: <4C894A56.7040109@elischer.org> Errors-to: "G. Paul Ziemba" Subject: Re: [patch] allow testing VIMAGE with pf in base system only X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: paul+usenet@w6yx.stanford.edu List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Sep 2010 05:19:51 -0000 julian@elischer.org (Julian Elischer) writes: >there is a version of pf in the wings that actually knows about jails. >This change is not to be confused with that. I was worried that the pf/vimage project was stalled. I eagerly await! -- G. Paul Ziemba FreeBSD unix: 9:46PM up 98 days, 13:27, 23 users, load averages: 0.07, 0.05, 0.01