From owner-freebsd-jail@freebsd.org Mon Aug 15 15:37:23 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E6D6FBBA744; Mon, 15 Aug 2016 15:37:23 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-io0-x242.google.com (mail-io0-x242.google.com [IPv6:2607:f8b0:4001:c06::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B0B5A1C47; Mon, 15 Aug 2016 15:37:23 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-io0-x242.google.com with SMTP id i199so6022446ioi.1; Mon, 15 Aug 2016 08:37:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-transfer-encoding; bh=N0pD189tSUdH3m7u2y2ICLD+dEt0t/VN9MF/A8VLy4M=; b=uWq0ou/r9Frg8gfWHBYblMA6llQ1VjESWG1uej7BIHS8FxtPq7vxkQ0LalG4+t5q2G kbz6zn7zlFE1G7QZmE0wfE00JeaXeau+FEle1RMIcqkHiZCu9f6PYGtIMNncwXSJqHyY 1aRUX+5XI3YCKPj3vXJdwmwB50GiDDNnbKVtXR0WliH+SviPzYHPtZpknlVNij0+95Gm PkcW0Fn/k5amF6z9boKrRZ1TJIbrFzpWGk+H5qQfrAjJYhlZ2m2SnY4SxUVbVtuMPkPx ZsDHNKIo9vCZ6/r4vzckYg0NOddWPZstDWjk7pmQT+ue1wlefb5OI4vkTCEu+WIKF494 K4sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:content-transfer-encoding; bh=N0pD189tSUdH3m7u2y2ICLD+dEt0t/VN9MF/A8VLy4M=; b=F6ElB9ff+p/z0bizk/jXJBRZy2s8IabDC0BH4iEiQC3O08iPdNfmGCS72AUTUJBJF4 6wB0+PUNrU5NX6gKQYr1IkT+riP2yQXuRK6OXt+94Xk78rV/ZJc7Xs5r40ej1D/zOMhY cgSXjwXphPUKH9mO3fm9s9KDdFdoRjqgopUEpFI7i1xyXf1X9uxhqitrqtsdsWggBsVx W5oop0dxxHlhbaQRGBbzSX3cWLciJuC44UVFW05R3gws4KyksMx4NscDW5GK60Dn4RSW TkwXpqrNqmU4SW3t4gFMru6fugA/l8IrVaChd+Y/ogM3/DaWmDyxt3wSuJm+T/sZAlwT rpEA== X-Gm-Message-State: AEkoouum//aVtVplm8OW0vC+QLCVUguZRoGIt0ay8hTIA+fJIG+OEfesjBKJMYvRGSAYnQ== X-Received: by 10.107.128.200 with SMTP id k69mr39443157ioi.65.1471275442888; Mon, 15 Aug 2016 08:37:22 -0700 (PDT) Received: from [10.0.10.3] (cpe-24-165-196-54.neo.res.rr.com. [24.165.196.54]) by smtp.googlemail.com with ESMTPSA id q204sm7630717itc.19.2016.08.15.08.37.22 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Aug 2016 08:37:22 -0700 (PDT) Message-ID: <57B1E1BC.4090205@gmail.com> Date: Mon, 15 Aug 2016 11:37:32 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Freebsd Questions , "freebsd-jail@freebsd.org" Subject: testing 11.0-RC1 vnet jails with ipfilter Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Aug 2016 15:37:24 -0000 Hello list; Running 11.0-RC1 with only option vimage compiled into the generic kernel. I can run ipfilter on the host and start vnet jails containing no firewalls just fine. But when I try to also have ipfilter run in the vnet jail nothing happens. I added this to the vnet jails rc.conf ipfilter_enable="YES" ipfilter_rules="/etc/ipf.boot.rules" ipmon_enable="YES" ipmon_flags="-Ds" Then start the vnet jail and its like those ipfilter statements in the vnet jails rc.conf are not there. The vnet jails /var/log/messages file is not even there. Issuing "ipfstat" inside the running vnet jail to display the jails ipfilter rules gives this error message "open(IPSTATE_NAME): No such file or directory" To me this means ipfilter is not running in the vnet jail even though I requested it in the vnet jails rc.conf file. So my question to this list is, has anyone managed to get ipfilter to run inside a vnet jail using any of the 11.0 alpha, beta, or rc versions? If so would you please share your setup with me? Maybe I am to close to the bleeding edge for there to be other users in the same test loop? Thanks From owner-freebsd-jail@freebsd.org Mon Aug 15 16:59:39 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4E36EBBBC0A; Mon, 15 Aug 2016 16:59:39 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (bird.sbone.de [46.4.1.90]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 02DFF17C6; Mon, 15 Aug 2016 16:59:38 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 6BC4825D3857; Mon, 15 Aug 2016 16:59:30 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 89195D1F891; Mon, 15 Aug 2016 16:59:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id MVCles0pq4yn; Mon, 15 Aug 2016 16:59:28 +0000 (UTC) Received: from [10.248.105.13] (fresh-tun0-ula.sbone.de [IPv6:fde9:577b:c1a9:4920:2ef0:eeff:fe03:ee34]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id A4BDFD1F814; Mon, 15 Aug 2016 16:59:27 +0000 (UTC) From: "Bjoern A. Zeeb" To: "Ernie Luzar" Cc: "Freebsd Questions" , "freebsd-jail@freebsd.org" Subject: Re: testing 11.0-RC1 vnet jails with ipfilter Date: Mon, 15 Aug 2016 16:59:24 +0000 Message-ID: <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> In-Reply-To: <57B1E1BC.4090205@gmail.com> References: <57B1E1BC.4090205@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Mailer: MailMate (2.0BETAr6048) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Aug 2016 16:59:39 -0000 On 15 Aug 2016, at 15:37, Ernie Luzar wrote: > Hello list; > > Running 11.0-RC1 with only option vimage compiled into the generic > kernel. > > I can run ipfilter on the host and start vnet jails containing no > firewalls just fine. But when I try to also have ipfilter run in the > vnet jail nothing happens. I added this to the vnet jails rc.conf > ipfilter_enable="YES" > ipfilter_rules="/etc/ipf.boot.rules" > ipmon_enable="YES" > ipmon_flags="-Ds" > > Then start the vnet jail and its like those ipfilter statements in the > vnet jails rc.conf are not there. The vnet jails /var/log/messages > file is not even there. Issuing "ipfstat" inside the running vnet jail > to display the jails ipfilter rules gives this error message > "open(IPSTATE_NAME): No such file or directory" > To me this means ipfilter is not running in the vnet jail even though > I requested it in the vnet jails rc.conf file. > > So my question to this list is, has anyone managed to get ipfilter to > run inside a vnet jail using any of the 11.0 alpha, beta, or rc > versions? If so would you please share your setup with me? > > Maybe I am to close to the bleeding edge for there to be other users > in the same test loop? The startup script contains “nojail”. I think someone opened a bug report the other day but I can’t find it anymore; so the startup script won’t automatically run inside a jail. Can you remove that line and try again? /bz From owner-freebsd-jail@freebsd.org Tue Aug 16 02:50:41 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1058CBBA967 for ; Tue, 16 Aug 2016 02:50:41 +0000 (UTC) (envelope-from apache@vdp-linux-01.hc8.voxcore.co.za) Received: from vdp-linux-01.hc8.voxcore.co.za (vdp-linux-01.hc8.voxcore.co.za [41.193.5.54]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9A4611E83 for ; Tue, 16 Aug 2016 02:50:38 +0000 (UTC) (envelope-from apache@vdp-linux-01.hc8.voxcore.co.za) Received: from vdp-linux-01.hc8.voxcore.co.za (hc8.datapro.co.za [127.0.0.1]) by vdp-linux-01.hc8.voxcore.co.za (8.13.8/8.13.8) with ESMTP id u7G1eMnw012202 for ; Tue, 16 Aug 2016 03:40:22 +0200 Received: (from apache@localhost) by vdp-linux-01.hc8.voxcore.co.za (8.13.8/8.13.8/Submit) id u7G1eM8d012198; Tue, 16 Aug 2016 03:40:22 +0200 To: freebsd-jail@freebsd.org Subject: Courier was unable to deliver the parcel, ID0000945156 X-PHP-Originating-Script: 48:post.php(3) : regexp code(1) : eval()'d code(17) : eval()'d code Date: Tue, 16 Aug 2016 03:40:21 +0200 From: "FedEx Standard Overnight" Reply-To: "FedEx Standard Overnight" Message-ID: X-Priority: 3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Aug 2016 02:50:41 -0000 Dear Customer, We could not deliver your parcel. Shipment Label is attached to email. Yours sincerely, Angel Vincent, Sr. Station Manager. From owner-freebsd-jail@freebsd.org Tue Aug 16 12:47:34 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92C32BBB5B2; Tue, 16 Aug 2016 12:47:34 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x22e.google.com (mail-wm0-x22e.google.com [IPv6:2a00:1450:400c:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2797814AD; Tue, 16 Aug 2016 12:47:34 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x22e.google.com with SMTP id i5so165290702wmg.0; Tue, 16 Aug 2016 05:47:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=8gT6sxO6L0oGpVfp3vcM4xefENF1o4jgp8+A77HAFHw=; b=BGDUbsw0RthM60hKUrp7tK7nGNhjjefwzWXiMpfxGJ+A/dl/kRT6yjqyXXvNZYSQnr d2kWfZj/vx+RK374zl1FNGuhmamrWVLL75JDOVxlh398XwBWG38CBq+4P2+/K9uZcaq7 B2JT0i9wVNO2ah9Pp+xWjuapyTKeUj97LWy5TF8qAF7s07OfV4oh2ti2CsCzFqxbp0mV iwaYZhkTOMwG7krHiwM20Rv7/bwYu/DB6zz9vS3YYztNYLGNRESLyZK6nRib1WXNuGg5 pPUx8m9JqdFPeSE/wAqqJMZ9ZL/aeGxBS5DbMd39djvE4iZ9DcMZg9Cwcj8AeH/A01Kh EwXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=8gT6sxO6L0oGpVfp3vcM4xefENF1o4jgp8+A77HAFHw=; b=CS+HD96uHO7xnd7WZI9COMvuYvKCOdFftyxWs7uLDxHbVU6LKaUwhJMhuPSFUAFLrF Lp7LEH4Bu+jXrICUJzKKTtyRjmm9OoLZhrO1MlzStS2nyreHIenTBaEZ4JK7rWDS/+HY 1D8R0Q2oL2Kc6bpHnyqfG2q2PRWgkwzgDhOP046PkcQqsnhfMVnXkNEem91KKLbBwnh1 oNgHh3bx1Yzk1QWE3qaJvOZqySdr2sk6gu2DXyJz917Bowdqp8622kGYps+eAR8wPcxA LjSLqv8KexPvN0Iio6ZEvavWf8uRv1GlYBT0O9xKJxi1SB/kxB6s+ITlP5MCko85MgJ3 Pe/Q== X-Gm-Message-State: AEkooutbVq0xldKg7IBlsJQsCWxpam8S6x0uulBiA/EHTJFPUrOJJe36SHWz3vbyjfcKFQhci5dUdL5rYIW3DA== X-Received: by 10.194.175.106 with SMTP id bz10mr38025491wjc.42.1471351652728; Tue, 16 Aug 2016 05:47:32 -0700 (PDT) MIME-Version: 1.0 Received: by 10.194.54.202 with HTTP; Tue, 16 Aug 2016 05:47:32 -0700 (PDT) In-Reply-To: <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> References: <57B1E1BC.4090205@gmail.com> <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> From: krad Date: Tue, 16 Aug 2016 13:47:32 +0100 Message-ID: Subject: Re: testing 11.0-RC1 vnet jails with ipfilter To: "Bjoern A. Zeeb" Cc: Ernie Luzar , "freebsd-jail@freebsd.org" , Freebsd Questions Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Aug 2016 12:47:34 -0000 is ipfilter supported in vnet jails? Last time I looked and tried pf didnt work (kernel panics), and only ipfw was supported. On 15 August 2016 at 17:59, Bjoern A. Zeeb wrote: > On 15 Aug 2016, at 15:37, Ernie Luzar wrote: > > Hello list; >> >> Running 11.0-RC1 with only option vimage compiled into the generic kerne= l. >> >> I can run ipfilter on the host and start vnet jails containing no >> firewalls just fine. But when I try to also have ipfilter run in the vne= t >> jail nothing happens. I added this to the vnet jails rc.conf >> ipfilter_enable=3D"YES" >> ipfilter_rules=3D"/etc/ipf.boot.rules" >> ipmon_enable=3D"YES" >> ipmon_flags=3D"-Ds" >> >> Then start the vnet jail and its like those ipfilter statements in the >> vnet jails rc.conf are not there. The vnet jails /var/log/messages file = is >> not even there. Issuing "ipfstat" inside the running vnet jail to displa= y >> the jails ipfilter rules gives this error message "open(IPSTATE_NAME): N= o >> such file or directory" >> To me this means ipfilter is not running in the vnet jail even though I >> requested it in the vnet jails rc.conf file. >> >> So my question to this list is, has anyone managed to get ipfilter to ru= n >> inside a vnet jail using any of the 11.0 alpha, beta, or rc versions? If= so >> would you please share your setup with me? >> >> Maybe I am to close to the bleeding edge for there to be other users in >> the same test loop? >> > > > The startup script contains =E2=80=9Cnojail=E2=80=9D. I think someone o= pened a bug > report the other day but I can=E2=80=99t find it anymore; so the startup= script > won=E2=80=99t automatically run inside a jail. Can you remove that line= and try > again? > > > /bz > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe > @freebsd.org" > From owner-freebsd-jail@freebsd.org Tue Aug 16 15:45:02 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ADAFCBBBF5C; Tue, 16 Aug 2016 15:45:02 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 6FB861213; Tue, 16 Aug 2016 15:45:02 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id CB38525D3899; Tue, 16 Aug 2016 15:44:58 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 045A7D1F8D0; Tue, 16 Aug 2016 15:44:58 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id 00Uh1rCwQN71; Tue, 16 Aug 2016 15:44:56 +0000 (UTC) Received: from [10.248.105.13] (fresh-tun0-ula.sbone.de [IPv6:fde9:577b:c1a9:4920:2ef0:eeff:fe03:ee34]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 401AAD1F8A3; Tue, 16 Aug 2016 15:44:56 +0000 (UTC) From: "Bjoern A. Zeeb" To: krad Cc: "freebsd-jail@freebsd.org" , "Freebsd Questions" Subject: Re: testing 11.0-RC1 vnet jails with ipfilter Date: Tue, 16 Aug 2016 15:44:54 +0000 Message-ID: In-Reply-To: References: <57B1E1BC.4090205@gmail.com> <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> MIME-Version: 1.0 Content-Type: text/plain; format=flowed X-Mailer: MailMate (2.0BETAr6048) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Aug 2016 15:45:02 -0000 On 16 Aug 2016, at 12:47, krad wrote: > is ipfilter supported in vnet jails? Last time I looked and tried pf > didnt > work (kernel panics), and only ipfw was supported. In 11-RC* it is present for all 3 firewalls; like VIMAGE due to memory footprint you might have to compile the firewall into the kernel rather than kldload it (especially ipfilter). /bz From owner-freebsd-jail@freebsd.org Tue Aug 16 20:21:05 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C9A6BBCB88; Tue, 16 Aug 2016 20:21:05 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-it0-x244.google.com (mail-it0-x244.google.com [IPv6:2607:f8b0:4001:c0b::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C738B1C5C; Tue, 16 Aug 2016 20:21:04 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-it0-x244.google.com with SMTP id d65so6498291ith.0; Tue, 16 Aug 2016 13:21:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=LNrED8Hka8c1p9wQSowV3hihmbvf85TCB7ZgxyJW0c0=; b=aGVjdEt2K2VIkJS6G+dqC0l+6uy/IPuZ80sgINUbVSXqXJ9HsAi9BK5/jvmNX8iYTI NNIJye2+GunfyT2XWXzyfBBLCESoNmIHZhur2F0tCh0Z1wq9cj+VtQ5Kc0WMh/kFpyqu MqUwYx4SKxO0hdJFlR6vbn2AvVy15Y/NV22v8jxJJbIA6QHUeCkUEsOdsgQ1uAkMv+TO L1xqHXm9l6PLnjybsvGsPBQookUy7D5IXvpalAC3IFlVItt/JCqeb4INa0Pj7HEROOmj tN+LgaYs9UjGZZ49DaKyx9rnU6w5y6LPzdEk06R8le4vO4LmmcmH2Cii0noz+c9oav+H CxrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=LNrED8Hka8c1p9wQSowV3hihmbvf85TCB7ZgxyJW0c0=; b=j31SEBIjRFxgvYHxtAHlWjEFpBQYc15ZmFjjkwBBKn62c7gH0squDT7s1C/WkHn5Rd BKEyxUBC1im89LBGIgqRl/eqF1viHWSQ0hsK2+YpugwkY4ZiWq+p6PmvGxIqxLO6cwso FNT+RtEKfI4UR9o2AyJcJG324mFKKPamy5suU7OC8VrRvx+GUEtFezOtoUR+Ifo/LC2/ CNzuei5pX+6wS7FCxAMcBTTvfre/SpyiXtIJX5iNZHp2S/kZk9Q3JDFB3+Q+SEsriUJi Uhx0TBlLvfRssTdCxfIqmdp0cLZYmZBBzrpQv0oxw0cI8KK7wwTY3ZKIm0DpOouxreaS 5KyQ== X-Gm-Message-State: AEkoouufoyVfki7XXwyQhJ0f5JakALKmAw7oJhEivqo2deqE+6LABueEbHsTfj/te+Zakg== X-Received: by 10.36.198.197 with SMTP id j188mr3620732itg.78.1471378864252; Tue, 16 Aug 2016 13:21:04 -0700 (PDT) Received: from [10.0.10.3] (cpe-24-165-196-54.neo.res.rr.com. [24.165.196.54]) by smtp.googlemail.com with ESMTPSA id n10sm3566542ith.18.2016.08.16.13.21.03 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 16 Aug 2016 13:21:03 -0700 (PDT) Message-ID: <57B375C6.9030500@gmail.com> Date: Tue, 16 Aug 2016 16:21:26 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: "Bjoern A. Zeeb" CC: krad , "freebsd-jail@freebsd.org" , Freebsd Questions Subject: Re: testing 11.0-RC1 vnet jails with ipfilter References: <57B1E1BC.4090205@gmail.com> <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Aug 2016 20:21:05 -0000 Bjoern A. Zeeb wrote: > > In 11-RC* it is present for all 3 firewalls; like VIMAGE due to memory > footprint you might have to compile the firewall into the kernel rather > than kldload it (especially ipfilter). > > /bzvnet The 11.0-RC1 host has vimage and ipfilter compiled into the kernel. Vnet jail can ping public network. Host ipf log shows pings from vnet jail as they pass the host firewall on external interface using the ip address assigned to the vnet jail. Codding rules on the host firewall using the vnet jail's assigned ip address does work. But this is not what vimage literature says how vnet firewalls are suppose to work. Issuing "ipf -FS -Fa" command from within the vnet jail gives this message, "open device:no such file or directory. User kernel version check failed. Issuing "ipfstat -hnio command from within the vnet jail gives this message, open(IPSTATE_NAME):no such file or directory. Running the host on a kernel with just vimage compiled in gets same results as above. Only differences between 10.x systems and 11.0 is a vimage kernel no longer panics if the host is running ipfilter and the lost memory message at stopping a vimage jail is gone. Ipfilter does NOT start in a vimage jail. This is a major show stopper. From owner-freebsd-jail@freebsd.org Tue Aug 16 21:17:12 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AB138BBBBFD; Tue, 16 Aug 2016 21:17:12 +0000 (UTC) (envelope-from cyberleo@cyberleo.net) Received: from mail.cyberleo.net (paka.cyberleo.net [216.226.128.180]) by mx1.freebsd.org (Postfix) with ESMTP id 8DA7014ED; Tue, 16 Aug 2016 21:17:12 +0000 (UTC) (envelope-from cyberleo@cyberleo.net) Received: from [172.16.44.4] (vitani.den.cyberleo.net [216.80.73.130]) by mail.cyberleo.net (Postfix) with ESMTPSA id D362443097; Tue, 16 Aug 2016 17:08:42 -0400 (EDT) Subject: Re: testing 11.0-RC1 vnet jails with ipfilter To: Ernie Luzar , "Bjoern A. Zeeb" References: <57B1E1BC.4090205@gmail.com> <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> <57B375C6.9030500@gmail.com> Cc: "freebsd-jail@freebsd.org" , Freebsd Questions , krad From: CyberLeo Kitsana Message-ID: Date: Tue, 16 Aug 2016 16:08:42 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <57B375C6.9030500@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Aug 2016 21:17:12 -0000 On 08/16/2016 03:21 PM, Ernie Luzar wrote: > Issuing "ipf -FS -Fa" command from within the vnet jail gives this > message, "open device:no such file or directory. User kernel version > check failed. According to ipf(8), the ipfilter utilities touch /dev/ipauth , /dev/ipl , and /dev/ipstate . Have you checked that the devfs ruleset applied to your jail has those unhidden? > Issuing "ipfstat -hnio command from within the vnet jail gives this > message, open(IPSTATE_NAME):no such file or directory. ipfstat(8) also lists /dev/kmem ; I suspect that including this may be a bad idea. -- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net Furry Peace! - http://www.fur.com/peace/ From owner-freebsd-jail@freebsd.org Tue Aug 16 23:21:40 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BE424BBCF28; Tue, 16 Aug 2016 23:21:40 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 7FE4511A4; Tue, 16 Aug 2016 23:21:40 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 9B40D25D387C; Tue, 16 Aug 2016 23:21:36 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id AEDA8D1F8C1; Tue, 16 Aug 2016 23:21:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id 2f9eSN9SGq0x; Tue, 16 Aug 2016 23:21:34 +0000 (UTC) Received: from [10.111.64.116] (unknown [IPv6:fde9:577b:c1a9:4410:8df0:8af8:fda2:61f3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 67B89D1F814; Tue, 16 Aug 2016 23:21:33 +0000 (UTC) From: "Bjoern A. Zeeb" To: "CyberLeo Kitsana" Cc: "Ernie Luzar" , "freebsd-jail@freebsd.org" , "Freebsd Questions" , krad , "James Gritton" Subject: Re: testing 11.0-RC1 vnet jails with ipfilter Date: Tue, 16 Aug 2016 23:21:31 +0000 Message-ID: <89E52542-8E6B-4BA6-921E-E939A3F3A038@lists.zabbadoz.net> In-Reply-To: References: <57B1E1BC.4090205@gmail.com> <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> <57B375C6.9030500@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Mailer: MailMate (2.0BETAr6048) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Aug 2016 23:21:40 -0000 On 16 Aug 2016, at 21:08, CyberLeo Kitsana wrote: > On 08/16/2016 03:21 PM, Ernie Luzar wrote: > >> Issuing "ipf -FS -Fa" command from within the vnet jail gives this >> message, "open device:no such file or directory. User kernel version >> check failed. > > According to ipf(8), the ipfilter utilities touch /dev/ipauth , > /dev/ipl > , and /dev/ipstate . Have you checked that the devfs ruleset applied > to > your jail has those unhidden? > >> Issuing "ipfstat -hnio command from within the vnet jail gives this >> message, open(IPSTATE_NAME):no such file or directory. > > ipfstat(8) also lists /dev/kmem ; I suspect that including this may be > a > bad idea. /dev/kmem is a bad idea; I should go and check what it is using it for and if needed we should fix that. I guess the general thing is that we might want to create another default set of devfs rules which include additional nodes we now consider safe inside VNET jails; the jail.conf still needs to know the right ruleset to apply, so the jail.conf would need to specify the other devfs_ruleset=“..” for vnet jails. Maybe Jamie could then come up with an intelligent solution that would automagically flip things if option vnet is set? I guess jail.conf(5) will need more examples for these things as well. /bz From owner-freebsd-jail@freebsd.org Wed Aug 17 01:04:56 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5C325BBADA9; Wed, 17 Aug 2016 01:04:56 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-it0-x241.google.com (mail-it0-x241.google.com [IPv6:2607:f8b0:4001:c0b::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2036D1BDA; Wed, 17 Aug 2016 01:04:56 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-it0-x241.google.com with SMTP id d65so7261917ith.0; Tue, 16 Aug 2016 18:04:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=6J23ODX6DWeeQfBnwHuUoUXppHyCs6ZEqOcdZL2i/qU=; b=iPIBry5YIqacCEvXpRrM053Js2A+BGFvsOXd93svAG3jwzvRdEp9RB9x524mlMl8An cEmXToYrrynP5FtdBhkZca5+7cHX6nUElVRYfhnAnONiX7aCuF4CbfFRyrA73my/mNPT Y85Z276fS8fsHBmJnCHj5ayVtt9zc+97HLnhCe92qkM8WoXZgMuQth4mXyTQXneC2WUL rFKUud6Bz4CMDGmuxm/ejpURRTcuJrqnWbQGihtRQfdafDfmD6y/pFCr7RGfl1h0wNWG lsROdEaQtqywn6q6DIQLp8uw5YEOUDOQZHx9McEdieg5BZ/cMNdQngyXPmAlljauz2Dw hj5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=6J23ODX6DWeeQfBnwHuUoUXppHyCs6ZEqOcdZL2i/qU=; b=fRei3rKc4vT8FoGe5NeuLX0dGkH/x3CH4Ism3+OOAGN2T08h58sobq7UiYc2xBiqi2 yMR5uJhsiak1lVcr1GWqMQqOBm+HN2sJSZellK4zBCCiOWVjwBEHe4wUupX344HRrBjS mvulKXgMeb/Cv9DmdNLKGRZpvRBV0AUJ71TzNC+2y82TLzZX/r/6a3tHJWOU+EyCJEyJ LAsFxTMUUi+GeDKgSdlhe7KofAzXKZeKGmz2O6hjBmB/omKphLDuKTDvdtf8SvNXiWXu P6uaHNIvqrkE8FPtmUjMY7izzWIM6lcn6GT9/ICnEWceY6dGzCsyBfalA3J5P6uoBw4Y CFdA== X-Gm-Message-State: AEkoout/4+UTk4be24Rv+v3KuDQlu3x4e0pZlo7kvgU4QZ2nOd29w68NemH6fsGY1mDuOg== X-Received: by 10.36.44.209 with SMTP id i200mr14492978iti.91.1471395895449; Tue, 16 Aug 2016 18:04:55 -0700 (PDT) Received: from [10.0.10.3] (cpe-24-165-196-54.neo.res.rr.com. [24.165.196.54]) by smtp.googlemail.com with ESMTPSA id i191sm10794791itf.13.2016.08.16.18.04.54 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 16 Aug 2016 18:04:55 -0700 (PDT) Message-ID: <57B3B858.4000707@gmail.com> Date: Tue, 16 Aug 2016 21:05:28 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: "Bjoern A. Zeeb" CC: CyberLeo Kitsana , "freebsd-jail@freebsd.org" , Freebsd Questions , krad , James Gritton Subject: Re: testing 11.0-RC1 vnet jails with ipfilter References: <57B1E1BC.4090205@gmail.com> <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> <57B375C6.9030500@gmail.com> <89E52542-8E6B-4BA6-921E-E939A3F3A038@lists.zabbadoz.net> In-Reply-To: <89E52542-8E6B-4BA6-921E-E939A3F3A038@lists.zabbadoz.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Aug 2016 01:04:56 -0000 Bjoern A. Zeeb wrote: > On 16 Aug 2016, at 21:08, CyberLeo Kitsana wrote: > >> On 08/16/2016 03:21 PM, Ernie Luzar wrote: >> >>> Issuing "ipf -FS -Fa" command from within the vnet jail gives this >>> message, "open device:no such file or directory. User kernel version >>> check failed. >> >> According to ipf(8), the ipfilter utilities touch /dev/ipauth , /dev/ipl >> , and /dev/ipstate . Have you checked that the devfs ruleset applied to >> your jail has those unhidden? >> >>> Issuing "ipfstat -hnio command from within the vnet jail gives this >>> message, open(IPSTATE_NAME):no such file or directory. >> >> ipfstat(8) also lists /dev/kmem ; I suspect that including this may be a >> bad idea. > > /dev/kmem is a bad idea; I should go and check what it is using it for > and if needed we should fix that. > > > I guess the general thing is that we might want to create another > default set of devfs rules which include additional nodes we now > consider safe inside VNET jails; the jail.conf still needs to know the > right ruleset to apply, so the jail.conf would need to specify the other > devfs_ruleset=“..” for vnet jails. Maybe Jamie could then come up with > an intelligent solution that would automatically flip things if option > vnet is set? I guess jail.conf(5) will need more examples for these > things as well. > > > /bz > If thats the road you are thinking of going down, then we have to look at the big picture. Is another rule set say number 5 that includes rule set number 4 plus the nodes for ipfilter, pf, and ipfw. Or maybe a separate rule set for each firewall which is more secure. There is no way jail(8) could know which firewall if any was going to be run in the vnet jail to select the correct rule if there were separate rules for each firewall. A combined rule set containing everything needed for all 3 firewalls would be something jail(8) could auto default to if vnet option was coded. In light of 11.0 release being published soon there should be something posted to the release notes talking about this with sample code for a combined rule #5. This would give vnet users a copy & paste solution to use until jail(8) gets updated in 11.1. I tried this rule set in /etc/devfs.rules [devfsrules_jail=5] add include $devfsrules_jail add path /dev/ipl unhide add path /dev/ipauth unhide add path /dev/ipstate unhide Boot time get error message that this was invalid. If I could get a correct syntax combined rule #5 file, I could continue testing all 3 firewalls using 11.0-RC1. Your help would be greatly appreciated. From owner-freebsd-jail@freebsd.org Wed Aug 17 07:22:49 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7D825BBB632; Wed, 17 Aug 2016 07:22:49 +0000 (UTC) (envelope-from lars@e-new.0x20.net) Received: from mail.0x20.net (mail.0x20.net [IPv6:2001:aa8:fffb:1::3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "0x20.net", Issuer "StartCom Class 1 DV Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 338BC13A9; Wed, 17 Aug 2016 07:22:49 +0000 (UTC) (envelope-from lars@e-new.0x20.net) Received: from e-new.0x20.net (mail.0x20.net [IPv6:2001:aa8:fffb:1::3]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mail.0x20.net (Postfix) with ESMTPS id 2276C6E0081; Wed, 17 Aug 2016 09:22:46 +0200 (CEST) Received: from e-new.0x20.net (localhost [127.0.0.1]) by e-new.0x20.net (8.14.7/8.14.7) with ESMTP id u7H7Mjd4014879; Wed, 17 Aug 2016 09:22:45 +0200 (CEST) (envelope-from lars@e-new.0x20.net) Received: (from lars@localhost) by e-new.0x20.net (8.14.7/8.14.7/Submit) id u7H7Mi0j013011; Wed, 17 Aug 2016 09:22:44 +0200 (CEST) (envelope-from lars) Date: Wed, 17 Aug 2016 09:22:44 +0200 From: Lars Engels To: Ernie Luzar Cc: "Bjoern A. Zeeb" , CyberLeo Kitsana , "freebsd-jail@freebsd.org" , Freebsd Questions , James Gritton , krad Subject: Re: testing 11.0-RC1 vnet jails with ipfilter Message-ID: <20160817072244.GO18643@e-new.0x20.net> References: <57B1E1BC.4090205@gmail.com> <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> <57B375C6.9030500@gmail.com> <89E52542-8E6B-4BA6-921E-E939A3F3A038@lists.zabbadoz.net> <57B3B858.4000707@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="f0PSjARDFl/vfYT5" Content-Disposition: inline In-Reply-To: <57B3B858.4000707@gmail.com> X-Editor: VIM - Vi IMproved 7.4 X-Operation-System: FreeBSD 8.4-RELEASE-p23 User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Aug 2016 07:22:49 -0000 --f0PSjARDFl/vfYT5 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 16, 2016 at 09:05:28PM -0400, Ernie Luzar wrote: > Bjoern A. Zeeb wrote: > > On 16 Aug 2016, at 21:08, CyberLeo Kitsana wrote: > >=20 > >> On 08/16/2016 03:21 PM, Ernie Luzar wrote: > >> > >>> Issuing "ipf -FS -Fa" command from within the vnet jail gives this > >>> message, "open device:no such file or directory. User kernel version > >>> check failed. > >> > >> According to ipf(8), the ipfilter utilities touch /dev/ipauth , /dev/i= pl > >> , and /dev/ipstate . Have you checked that the devfs ruleset applied to > >> your jail has those unhidden? > >> > >>> Issuing "ipfstat -hnio command from within the vnet jail gives this > >>> message, open(IPSTATE_NAME):no such file or directory. > >> > >> ipfstat(8) also lists /dev/kmem ; I suspect that including this may be= a > >> bad idea. > >=20 > > /dev/kmem is a bad idea; I should go and check what it is using it for= =20 > > and if needed we should fix that. > >=20 > >=20 > > I guess the general thing is that we might want to create another=20 > > default set of devfs rules which include additional nodes we now=20 > > consider safe inside VNET jails; the jail.conf still needs to know the= =20 > > right ruleset to apply, so the jail.conf would need to specify the othe= r=20 > > devfs_ruleset=3D=E2=80=9C..=E2=80=9D for vnet jails. Maybe Jamie could= then come up with=20 > > an intelligent solution that would automatically flip things if option= =20 > > vnet is set? I guess jail.conf(5) will need more examples for these= =20 > > things as well. > >=20 > >=20 > > /bz > >=20 >=20 > If thats the road you are thinking of going down, then we have to look=20 > at the big picture. Is another rule set say number 5 that includes rule= =20 > set number 4 plus the nodes for ipfilter, pf, and ipfw. Or maybe a=20 > separate rule set for each firewall which is more secure. >=20 > There is no way jail(8) could know which firewall if any was going to be= =20 > run in the vnet jail to select the correct rule if there were separate=20 > rules for each firewall. A combined rule set containing everything=20 > needed for all 3 firewalls would be something jail(8) could auto default= =20 > to if vnet option was coded. >=20 > In light of 11.0 release being published soon there should be something= =20 > posted to the release notes talking about this with sample code for a=20 > combined rule #5. This would give vnet users a copy & paste solution to= =20 > use until jail(8) gets updated in 11.1. >=20 > I tried this rule set in /etc/devfs.rules >=20 > [devfsrules_jail=3D5] > add include $devfsrules_jail > add path /dev/ipl unhide > add path /dev/ipauth unhide > add path /dev/ipstate unhide I think you have to remove '/dev/' >=20 > Boot time get error message that this was invalid. >=20 > If I could get a correct syntax combined rule #5 file, I could continue= =20 > testing all 3 firewalls using 11.0-RC1. >=20 > Your help would be greatly appreciated. >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" --f0PSjARDFl/vfYT5 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQF8BAEBCgBmBQJXtBDEXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4RjQwMDE3RTRERjUzMTI1N0FGRTUxNDlF NTRDQjM3RDNBMDg5RDZEAAoJEOVMs306CJ1t17IH/RN4z88uvgE1bZr4DsDYS1We LMfGoKzqJKW5tcWdpwBENXo3N03ZF1HrwZntdeklDG2GZz27uVhgsW9W2Gk5qYwl PL9BCfzSrJPOeU4M0soojIioGFqrTMBdZgjOdz/pjMMaXKz+PlpBFNoPCZeRVY+o haq790satiGhymUGkMFzv48ckle7xRUbVwvfE8fxSoFJE8LD/FnBXLddUq1EfPXy gd16CvI3SSnrZsXKWZhRy9k5CgJ+wikqBXz57pFpImQZTU23Hxu54cVZ+k+8wv/y k+ikar/FoCRdjd04nHFOedWIq2nuovsCP2E5noDfxnrn+c9x+Vu1uIasoLpnfqg= =OR/x -----END PGP SIGNATURE----- --f0PSjARDFl/vfYT5-- From owner-freebsd-jail@freebsd.org Wed Aug 17 07:45:57 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2966ABBBEAB; Wed, 17 Aug 2016 07:45:57 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de [217.11.53.44]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A42551704; Wed, 17 Aug 2016 07:45:56 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from outgoing.leidinger.net (p549CDFED.dip0.t-ipconnect.de [84.156.223.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id 7D7DF83F8A3; Wed, 17 Aug 2016 09:36:43 +0200 (CEST) Received: from webmail.leidinger.net (webmail.Leidinger.net [IPv6:fd73:10c7:2053:1::3:102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by outgoing.leidinger.net (Postfix) with ESMTPS id 4560D3294; Wed, 17 Aug 2016 09:36:16 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=leidinger.net; s=outgoing-alex; t=1471419376; bh=5K7VHqIV9zqMNwntJBTfn6M3KPMnX+5lL3BPve9KhGs=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=usoUNps19l/TtR+wporwypVXgDAdowhQEQL7pZRYFyRCPHw2KNl/+uhfa//5L3qkr mnZYFmaynUwUxr3Zk6j3HDkxgUum5tgAT64ktNonGSNAqorWTX4XfvAO1JsHXpXysM V0XDJeuUCEbW7MKSks0as1mhTTvjkK/Csy5hu6RmMhXzFFehkZJ0DZPRct528jsEfi CBdiLHZHFXg9zVPHLb8qb8S7OSXlz/vxKrN8MpN1wB0SxQlesurMKYvB2qFYyzM/vl lw6ojwnNhhFOXFwkLMCqsfQy/xcyOeM9EsYjy431YpmKYgS3K+vZMVuyozMyGLCW8r ax3WNtQi1TQ9A== Received: (from www@localhost) by webmail.leidinger.net (8.15.2/8.14.4/Submit) id u7H7aFda002453; Wed, 17 Aug 2016 09:36:15 +0200 (CEST) (envelope-from Alexander@leidinger.net) X-Authentication-Warning: webmail.leidinger.net: www set sender to Alexander@leidinger.net using -f Received: from IO.Leidinger.net (IO.Leidinger.net [192.168.1.11]) by webmail.leidinger.net (Horde Framework) with HTTPS; Wed, 17 Aug 2016 09:36:15 +0200 Date: Wed, 17 Aug 2016 09:36:15 +0200 Message-ID: <20160817093615.Horde.6B4nFB_mNqhEm9nGwvdsXWg@webmail.leidinger.net> From: Alexander Leidinger To: CyberLeo Kitsana Cc: Ernie Luzar , "Bjoern A. Zeeb" , freebsd-jail@freebsd.org, Freebsd Questions , krad Subject: Re: testing 11.0-RC1 vnet jails with ipfilter References: <57B1E1BC.4090205@gmail.com> <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> <57B375C6.9030500@gmail.com> In-Reply-To: User-Agent: Horde Application Framework 5 Content-Type: multipart/signed; boundary="=_X7rKGRrDNnXAMuNbjs83Gu9"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 X-EBL-MailScanner-Information: Please contact the ISP for more information X-EBL-MailScanner-ID: 7D7DF83F8A3.A7496 X-EBL-MailScanner: Found to be clean X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN, SpamAssassin (not cached, score=-0.023, required 6, autolearn=disabled, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, TW_EV 0.08) X-EBL-MailScanner-From: alexander@leidinger.net X-EBL-MailScanner-Watermark: 1472024294.4764@8NhI8HpnvocxbvYC6YTyFw X-EBL-Spam-Status: No X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Aug 2016 07:45:57 -0000 This message is in MIME format and has been PGP signed. --=_X7rKGRrDNnXAMuNbjs83Gu9 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Quoting CyberLeo Kitsana (from Tue, 16 Aug=20=20 2016=2016:08:42 -0500): >> Issuing "ipfstat -hnio command from within the vnet jail gives this >> message, open(IPSTATE_NAME):no such file or directory. > > ipfstat(8) also lists /dev/kmem ; I suspect that including this may be a > bad idea. kmem will give access to the complete memory of the host. If your goal=20= =20 is=20tighter security (instead of just improved managability due to a=20=20 less=20wide scope of the rules needed), then this is a no-go. Just adding kmem in the devfs rules will not help anyway, the kernel=20=20 disallows=20access to it even if present in the jail (except you run my=20= =20 X11-in-a-jail=20patch and have the corresponding option activated for=20=20 the=20jail). Bye, Alexander. --=20 http://www.Leidinger.net=20Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_X7rKGRrDNnXAMuNbjs83Gu9 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJXtBPvAAoJEKrxQhqFIICEHJ0P/2WExXUMwOjM9d9WEz0vD5yj 9UthucksCGMDcxHbsN7Y6VBIxHU/fpmI3dNsm7AI4SZ0WpIhn6P2+sDY146HclOR z2SLtIyftW0Royttx39pQIduG7njXGZQ1tZMo6b5t72l84WdpJHBNxXlMAVT0MxS 1s+QoU/e4oi1KVzZtYtAsrr53EfP6S3fVXhchSF/V076Exsmrto7RNPYIzoQtR3I 5FxPeYA8X4Edx0nUzUVrgeE9qBK1hvkInbarDDXYOX84yHeB7j+7bl2AjJVs2pH1 EynXA64vVqmgcLN2gFpULU++M/j3AS6GFC9aKFnD10GxR7iFuZ1xOJ5DEvpdvs4F cdlmPL8Gx5V0WxvU57WU7ayISZm/7C0JmDjZhYm4YxSQ5kqyzQN+J5tmARH11axQ 9UlzWRNkUrnonFE7EeQ7MtuK5i9PTFA3i+kImS/XOXP+gfAoj3EIV4CW5Mu/LbCK xeDPMjsKB1tYga0HkDX5+2utD4o8DVWgnEhpEDUUxlonyvTVc+w1wmkB5b9DoqBE SeLQTqtwDNPNnnZHQCZD2wCShHvZF7Qhh+t/EIWbVtEfRc/mGKwriOmZjpoyOxJK lgh4qtiaLVesu+yJK/Tt2O28DKDrKXjSy0UFY6hzvDdTdWXo0bCwTEVK6vuAOzE1 Ra4UGYKnZ2mIFodb5V9P =Vx1M -----END PGP SIGNATURE----- --=_X7rKGRrDNnXAMuNbjs83Gu9-- From owner-freebsd-jail@freebsd.org Wed Aug 17 13:32:16 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 52D68BBD176; Wed, 17 Aug 2016 13:32:16 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (bird.sbone.de [46.4.1.90]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 0F7361606; Wed, 17 Aug 2016 13:32:15 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 5803225D3899; Wed, 17 Aug 2016 13:32:06 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 604C8D1F8A3; Wed, 17 Aug 2016 13:32:05 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id OdQQbpDC76_7; Wed, 17 Aug 2016 13:32:04 +0000 (UTC) Received: from [10.248.105.13] (fresh-tun0-ula.sbone.de [IPv6:fde9:577b:c1a9:4920:2ef0:eeff:fe03:ee34]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 44006D1F87D; Wed, 17 Aug 2016 13:32:03 +0000 (UTC) From: "Bjoern A. Zeeb" To: "Ernie Luzar" Cc: "CyberLeo Kitsana" , "freebsd-jail@freebsd.org" , "Freebsd Questions" , krad , "James Gritton" Subject: Re: testing 11.0-RC1 vnet jails with ipfilter Date: Wed, 17 Aug 2016 13:32:01 +0000 Message-ID: <8ED2CC0F-9254-4A91-A548-A97EBA02A962@lists.zabbadoz.net> In-Reply-To: <57B3B858.4000707@gmail.com> References: <57B1E1BC.4090205@gmail.com> <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> <57B375C6.9030500@gmail.com> <89E52542-8E6B-4BA6-921E-E939A3F3A038@lists.zabbadoz.net> <57B3B858.4000707@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed; markup=markdown Content-Transfer-Encoding: 8bit X-Mailer: MailMate (2.0BETAr6051) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Aug 2016 13:32:16 -0000 On 17 Aug 2016, at 1:05, Ernie Luzar wrote: > In light of 11.0 release being published soon there should be > something posted to the release notes talking about this with sample > code for a combined rule #5. This would give vnet users a copy & paste > solution to use until jail(8) gets updated in 11.1. VIMAGE is not a feature shipping by default in 11.0; I don’t see the point to put more details into the release notes than needed; we should figure out samples/man pages/wiki maybe/handbook though. From owner-freebsd-jail@freebsd.org Wed Aug 17 15:28:43 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C2F3EBBC408; Wed, 17 Aug 2016 15:28:43 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-io0-x244.google.com (mail-io0-x244.google.com [IPv6:2607:f8b0:4001:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 874DB120E; Wed, 17 Aug 2016 15:28:43 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-io0-x244.google.com with SMTP id y195so10673480iod.0; Wed, 17 Aug 2016 08:28:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=75GUlvqJK6zoWuyrZcKOVT5nvwxxlr1AHGFQTN6yQu4=; b=BWOS3Xx7y7DqbmBLoCMS59OsXK+RFBFWoh+04M8BsOuSfSN02lXO3vm0VXHdT05Y+p TC0JQJPBkVBsXPYilokGkMd/m8VWuMxV1lbAFB5u6xaUd4nxhGkpDXiEpx3IEBD3t6S8 iiHd6gv3nc7sseQn2M/Gh/F7SdXgVVJyI42WVVcWyuFlbWug9FxHkwC3qG5r6PRxYCKr BNggDyd/z+qTR8RXQkfB61ju2LRMtnXv8COEw8gDf+QkGj7crArENsAjB/F1rm1ztQh+ kF++E2E39mmHEsU+zkSwHYlOpAfTVeGXZf0itDye1XuhuL3CtQ57aj5tRuTqDpsI23sb 6Dqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=75GUlvqJK6zoWuyrZcKOVT5nvwxxlr1AHGFQTN6yQu4=; b=WLeHvQEHlm5ymA2ozpy/nlVtOOeZoWkQTakGRMpCbLVq+mPUCFWHl/rFmZWgTyw4ba T+CesdxpBXRHoMU9DD0TOWQ1cMUNj+Uli4idPCO6vVWYzFZWqReedaC2TDDsvxLRB04y rODejPvlIO2JaTgHI+Sq/cfMB2t8a2ah8M/3Mg6w99shnI9/ZiSjs3cyEXTRPbA7uNqj wzYr8svamAsZgQaQ42GSxddm9v9QXJiu7OFT+edfEYhoeYdKdtHaOprhWXs6uCuhliUx pRQgSjTV5JUZaKly5JlXMIFo3feFNbyU4ULVXNhgcUQwVXhnSqOu3EsdOt2UqTxgI81z VxVg== X-Gm-Message-State: AEkoouv1f9uZzySb+LmP3ajACz3b/G737OBubZt2qB648hL3BtEwm3uA+eGPhPP2UgHRrQ== X-Received: by 10.107.132.200 with SMTP id o69mr48025997ioi.134.1471447722767; Wed, 17 Aug 2016 08:28:42 -0700 (PDT) Received: from [10.0.10.3] (cpe-24-165-196-54.neo.res.rr.com. [24.165.196.54]) by smtp.googlemail.com with ESMTPSA id b136sm45160iti.14.2016.08.17.08.28.41 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 17 Aug 2016 08:28:42 -0700 (PDT) Message-ID: <57B482B4.8090708@gmail.com> Date: Wed, 17 Aug 2016 11:28:52 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Alexander Leidinger CC: CyberLeo Kitsana , "Bjoern A. Zeeb" , freebsd-jail@freebsd.org, Freebsd Questions , krad , lars.engels@0x20.net Subject: Re: testing 11.0-RC1 vnet jails with ipfilter References: <57B1E1BC.4090205@gmail.com> <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net> <57B375C6.9030500@gmail.com> <20160817093615.Horde.6B4nFB_mNqhEm9nGwvdsXWg@webmail.leidinger.net> In-Reply-To: <20160817093615.Horde.6B4nFB_mNqhEm9nGwvdsXWg@webmail.leidinger.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Aug 2016 15:28:43 -0000 Here is my new rules file. I have tested it with the commented out lines and with the comments removed. Tested on vimage/ipfilter kernel and vimage only kernel. In all 4 combinations the "ipf" and "ipstat" commands work. I can see the ipf firewall rules. The problem is when issuing the ping command from within the vnet jail nothing happens. The count of packets shown by the ipstat command stay at zero. The var/log/messages in the vnet jail is not populated. The ipf.log on the host only has ipv6 multcast packets from when the vnet jail is started. No ipv4 ping packets. ipfilter in a vnet/vimage jail is broken. If anyone has suggestions to try let me know. [devfsrules_vjail_ipf=5] add include $devfsrules_jail add path ipl unhide add path ipl0 unhide add path ipf unhide add path ipauth unhide add path ipnat unhide add path ipstate unhide # used by ipstate #add path kmem unhide #add path kernel unhide # full list of ioctl used by ipf #add path SIOCIPFFB unhide #add path FIONREAD unhide #add path SIOCADDFR unhide #add path SIOCDELFR unhide #add path SIOCIPFFR unhide #add path SIOCADAFR unhide #add path SIOCRMAFR unhide #add path SIOCADIFR unhide #add path SIOCRMIFR unhide #add path SIOCINAFR unhide #add path SIOCINIFR unhide #add path SIOCSETFF unhide #add path SIOGGETFF unhide #add path SIOCGETFS unhide #add path SIOCIPFFL unhide #add path SIOCIPFFB unhide #add path SIOCSWAPA unhide #add path SIOCFRENB unhide #add path SIOCFRSYN unhide #add path SIOCFRZST unhide #add path SIOCZRLST unhide #add path SIOCAUTHW unhide #add path SIOCAUTHR unhide #add path SIOCATHST unhide From owner-freebsd-jail@freebsd.org Thu Aug 18 01:57:56 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B5AC3BBE015 for ; Thu, 18 Aug 2016 01:57:56 +0000 (UTC) (envelope-from webmaster@cgconcept.ch) Received: from smtp-imu1.infomaniak.ch (smtp-imu1.infomaniak.ch [84.16.68.109]) by mx1.freebsd.org (Postfix) with ESMTP id 67F971F73 for ; Thu, 18 Aug 2016 01:57:55 +0000 (UTC) (envelope-from webmaster@cgconcept.ch) Received: from h2web25.infomaniak.ch (h2web25.infomaniak.ch [128.65.195.27]) by smtp-imu1.infomaniak.ch (8.14.5/8.14.5) with ESMTP id u7I1vSJW019227 for ; Thu, 18 Aug 2016 03:57:28 +0200 Received: from h2web25.infomaniak.ch (localhost [127.0.0.1]) by h2web25.infomaniak.ch (8.14.5/8.14.5) with ESMTP id u7I1vS3E000996 for ; Thu, 18 Aug 2016 03:57:28 +0200 Received: (from uid29155@localhost) by h2web25.infomaniak.ch (8.14.5/8.14.2/Submit) id u7I1vSOK000991; Thu, 18 Aug 2016 03:57:28 +0200 X-Authentication-Warning: h2web25.infomaniak.ch: uid29155 set sender to webmaster@cgconcept.ch using -f To: freebsd-jail@freebsd.org Subject: Courier was unable to deliver the parcel, ID00145965 Date: Thu, 18 Aug 2016 03:57:28 +0200 From: "FedEx International MailService" Reply-To: "FedEx International MailService" Message-ID: <86d90b541460803a15829c2ec65a0cb5@cgconcept.ch> X-Priority: 3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Aug 2016 01:57:56 -0000 Dear Customer, We could not deliver your item. Shipment Label is attached to this email. Warm regards, Ted Conley, Delivery Manager. From owner-freebsd-jail@freebsd.org Fri Aug 19 22:19:38 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 91473BBF52C for ; Fri, 19 Aug 2016 22:19:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 802E41E98 for ; Fri, 19 Aug 2016 22:19:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u7JMJb46068492 for ; Fri, 19 Aug 2016 22:19:38 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 211353] mail/sendmail failing during staging under poudriere FreeBSD 11+ Date: Fri, 19 Aug 2016 22:19:37 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Aug 2016 22:19:38 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211353 --- Comment #1 from commit-hook@freebsd.org --- A commit references this bug: Author: marino Date: Fri Aug 19 22:19:11 UTC 2016 New revision: 420495 URL: https://svnweb.freebsd.org/changeset/ports/420495 Log: mail/sendmail: fix stage-qa error The strip command for sbin/sendmail fails due to the permissions of the program installed in the stage directory. Change the staged sendmail mode to 755 so that the strip command succeeds. The pkg-list specifies the final mode to be 2555. PR: 211353 Reported by: dave (ci.com.au) Final fix: marino@ Appproved by: maintainer timeout Changes: head/mail/sendmail/Makefile --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-jail@freebsd.org Fri Aug 19 22:19:54 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7DD96BBF597 for ; Fri, 19 Aug 2016 22:19:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6D1831F45 for ; Fri, 19 Aug 2016 22:19:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u7JMJsuo068878 for ; Fri, 19 Aug 2016 22:19:54 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 211353] mail/sendmail failing during staging under poudriere FreeBSD 11+ Date: Fri, 19 Aug 2016 22:19:54 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: marino@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status cc resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Aug 2016 22:19:54 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211353 John Marino changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Closed CC| |marino@FreeBSD.org Resolution|--- |FIXED --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-jail@freebsd.org Sat Aug 20 14:29:10 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D7741BC02CE for ; Sat, 20 Aug 2016 14:29:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C70D614F0 for ; Sat, 20 Aug 2016 14:29:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u7KETAae018076 for ; Sat, 20 Aug 2016 14:29:10 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 211353] mail/sendmail failing during staging under poudriere FreeBSD 11+ Date: Sat, 20 Aug 2016 14:29:10 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: marino@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2016 14:29:10 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211353 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-ports-bugs@FreeBSD. |marino@FreeBSD.org |org | --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-jail@freebsd.org Sat Aug 20 15:36:25 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B01AABC0866 for ; Sat, 20 Aug 2016 15:36:25 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9F859147D for ; Sat, 20 Aug 2016 15:36:25 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u7KFaPc6085663 for ; Sat, 20 Aug 2016 15:36:25 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 211353] mail/sendmail failing during staging under poudriere FreeBSD 11+ Date: Sat, 20 Aug 2016 15:36:25 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: marino@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: marino@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2016 15:36:25 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211353 John Marino changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |koobs@FreeBSD.org --- Comment #2 from John Marino --- Can I request not to be assigned PRs after they are closed? This practice is completely unnecessary. I'm already on the CC so if anyone responds, I would see it. I don't want to be assigned PRs after I close them with no action (for what= ever reason) or if I fix them. Implicitly I'll take responsibility for any comm= it I make, but that doesn't extend to taking additional responsibility for the p= ort or the PR. Continuing this practice will result in me doing nothing in the future. I don't know when this practice started, or where it was discussed, but I d= on't like it. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-jail@freebsd.org Sat Aug 20 16:01:52 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E41AEBC00F8 for ; Sat, 20 Aug 2016 16:01:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B9D0C143B for ; Sat, 20 Aug 2016 16:01:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u7KG1qI7060791 for ; Sat, 20 Aug 2016 16:01:52 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 211353] mail/sendmail failing during staging under poudriere FreeBSD 11+ Date: Sat, 20 Aug 2016 16:01:52 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: marino@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2016 16:01:53 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211353 --- Comment #3 from Kubilay Kocak --- (In reply to John Marino from comment #2) Closing an issue is implicitly taking responsibility for it in the same way= a commit in the tree is, as a decision is being made by the closer, whether w= ith a change (commit) or not (rejected, feedback timeout). The scope is (can) n= ot limited to the commit as any followup as a result of that commit is also implicitly related to the issue. The other reason for assignment is for accurate statistics and reporting (w= ho did what when), and the fact that the default assignee of all ports issues being freebsd-ports-bugs (empty or unassigned), so that notifications go somewhere lest they never get actioned(read: assigned then resolved). If everyone used the issue tracker and not mailing lists, then issues would go from unassigned to assigned in that case. Having real assignees set as early as possible reduces the noise:signal rat= io for every one else at all points during an issues lifetime, which still rem= ains high. Issues being inaccurately or incompletely classified in the past, assignee = or any field, is only evidence of inconsistent/adhoc issue tracking practices,= not of a defacto standard. If this constitutes a genuine impact or burden on you, please email bugmeis= ter@ where we can aim to understand the issue in more detail and discuss it in a more amenable manner and place. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-jail@freebsd.org Sat Aug 20 16:13:48 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B9DE9BC0382 for ; Sat, 20 Aug 2016 16:13:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A97EA1991 for ; Sat, 20 Aug 2016 16:13:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u7KGDmDa000475 for ; Sat, 20 Aug 2016 16:13:48 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 211353] mail/sendmail failing during staging under poudriere FreeBSD 11+ Date: Sat, 20 Aug 2016 16:13:48 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: marino@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: marino@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2016 16:13:48 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211353 --- Comment #4 from John Marino --- Why should I have to continue to expend energy on what appears to be a unilateral action? Why is not my explicit request enough to put this to be= d? I fundamentally disagree with most of what you said. You can't, on one hand, say that ports@FreeBSD.org means "community maintai= ned" ports rather than unmaintained ports and on the other hand say that PRs can= 't be similarly community maintained. Most of what I do is spend a few hours of my time dispositioning old PRs because nobody else spent any effort to do so. That does NOT imply that I = want any future responsibility for the PR. We are all responsible for individu= al commits we make, so clearly I accept that. I've said I don't want to be the "real assignee"; if I wanted that I would = have changed the assignment myself.=20 If this "policy" is already documented, please point to where it's publishe= d.=20 I don't recall ever seeing a proposal on this asking for feedback. It just started happening. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-jail@freebsd.org Sat Aug 20 16:15:49 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9CFB9BC03DA for ; Sat, 20 Aug 2016 16:15:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8CA5F19DA for ; Sat, 20 Aug 2016 16:15:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u7KGFnLv003325 for ; Sat, 20 Aug 2016 16:15:49 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 211353] mail/sendmail failing during staging under poudriere FreeBSD 11+ Date: Sat, 20 Aug 2016 16:15:49 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: marino@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: marino@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2016 16:15:49 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211353 --- Comment #5 from John Marino --- by the way, you removed the actual maintainer, dinoex@ from the PR in order= to give it to me, and I *really* have an issue about that. The maintainer, in most cases, should be the assignee no matter who actually commits. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-jail@freebsd.org Sat Aug 20 16:18:33 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 71F6FBC04E7 for ; Sat, 20 Aug 2016 16:18:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 615D51C3B for ; Sat, 20 Aug 2016 16:18:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u7KGIWgw006680 for ; Sat, 20 Aug 2016 16:18:33 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 211353] mail/sendmail failing during staging under poudriere FreeBSD 11+ Date: Sat, 20 Aug 2016 16:18:33 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: koobs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2016 16:18:33 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211353 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|marino@FreeBSD.org |koobs@FreeBSD.org --- Comment #6 from Kubilay Kocak --- This is the bug history: https://bugs.freebsd.org/bugzilla/show_activity.cgi?id=3D211353 I don't know what else to say other than what I said at the bottom of comme= nt 3. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-jail@freebsd.org Sat Aug 20 16:30:11 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 28262BC096D for ; Sat, 20 Aug 2016 16:30:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E011A1B78 for ; Sat, 20 Aug 2016 16:30:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u7KGUAfM027708 for ; Sat, 20 Aug 2016 16:30:10 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 211353] mail/sendmail failing during staging under poudriere FreeBSD 11+ Date: Sat, 20 Aug 2016 16:30:11 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: marino@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: koobs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2016 16:30:11 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211353 --- Comment #7 from John Marino --- The end of comment #4 asked for where this publish is published and where it was discussed, so if there's nothing to say that probably means its not official policy and it wasn't developed publicly. Thus you could recognize that at least one person disagrees with it and you could say you will respect my desire not to change PR assignments (and for = the matter, don't change titles when the new version is only subjectively better than the original). This is the second time it's come up. Please don't give me PR assignments any more. If bugmeister wants to come back in an official capacity and tell me to bum= p up a stump I'll accept it but truly limit all PR work to responding to those written against ports I maintain. --=20 You are receiving this mail because: You are on the CC list for the bug.=