From: Kyle Evans
Date: Mon, 3 Jun 2019 14:33:47 -0500
Subject: Re: svn commit: r348509 - head/lib/libjail
To: jail@freebsd.org, James Gritton

(Resend to get the list address right- sorry Jamie!)

On Sun, Jun 2, 2019 at 9:04 AM Kyle Evans wrote:
>
> Author: kevans
> Date: Sun Jun 2 14:03:56 2019
> New Revision: 348509
> URL: https://svnweb.freebsd.org/changeset/base/348509
>
> Log:
> jail_getid(3): add special-case immediate return for jid 0
>
> As depicted in the comment: jid 0 always exists, but the lookup will fail as
> it does not appear in the kernel's alljails list being a special jail. Some
> callers will expect/rely on this, and we have no reason to lie because it
> does always exist.
>
> Reported by: Stefan Hegnauer
> MFC after: soon (regression, breaks inspecting jail host bits, partial
> revert)
>
> Modified:
> head/lib/libjail/jail_getid.c
>
> Modified: head/lib/libjail/jail_getid.c
> ==============================================================================
> --- head/lib/libjail/jail_getid.c Sun Jun 2 09:28:50 2019 (r348508) > +++ head/lib/libjail/jail_getid.c Sun Jun 2 14:03:56 2019 (r348509)
> @@ -54,6 +54,15 @@ jail_getid(const char *name) > > jid = strtoul(name, &ep, 10); > if (*name && !*ep) { > + /* > + * jid == 0 is a special case; it will not appear in the > + * kernel's jail list, but naturally processes will be assigned > + * to it because it is prison 0. Trivially return this one > + * without a trip to the kernel, because it always exists but > + * the lookup won't succeed. > + */ > + if (jid == 0) > + return jid; > jiov[0].iov_base = __DECONST(char *, "jid"); > jiov[0].iov_len = sizeof("jid"); > jiov[1].iov_base = &jid; >

On a related note- do we have a good reason for not exposing jid 0 via jail_get(2) if that's what's requested and we're operating in prison0? I have no historical context here, so it's not clear to me what issues that might expose other than the issue of exposing a prison that's not all that interesting.

Thanks,

Kyle Evans
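
Review bot: the new `if (jid == 0)` test runs on the value strtoul() produced, so the early return covers every fully consumed string that parses to zero, not only "0": "00", "+0", "-0" and " 0" all pass `*name && !*ep` and now return 0 without a kernel lookup. If only the canonical spelling should name prison 0, compare the string itself, or say in the comment that any zero-valued numeral is accepted. The special case is also caller-visible behaviour (the comment notes the lookup does not succeed for this jid), so it deserves a line in jail_getid(3) as well as the code comment.
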

From: James Gritton
Date: Mon, 03 Jun 2019 13:40:08 -0600
Subject: Re: svn commit: r348509 - head/lib/libjail
To: jail@freebsd.org

On 2019-06-03 13:33, Kyle Evans wrote:
> (Resend to get the list address right- sorry Jamie!)
>
> On Sun, Jun 2, 2019 at 9:04 AM Kyle Evans wrote:
>>
>> Author: kevans
>> Date: Sun Jun 2 14:03:56 2019
>> New Revision: 348509
>> URL: https://svnweb.freebsd.org/changeset/base/348509
>>
>> Log:
>> jail_getid(3): add special-case immediate return for jid 0
>>
>> As depicted in the comment: jid 0 always exists, but the lookup will
>> fail as
>> it does not appear in the kernel's alljails list being a special
>> jail. Some
>> callers will expect/rely on this, and we have no reason to lie
>> because it
>> does always exist.
>>
>> Reported by: Stefan Hegnauer
>> MFC after: soon (regression, breaks inspecting jail host bits,
>> partial
>> revert)
>>
>> Modified:
>> head/lib/libjail/jail_getid.c
>>
>> Modified: head/lib/libjail/jail_getid.c
>> ==============================================================================
>> --- head/lib/libjail/jail_getid.c Sun Jun 2 09:28:50 2019 >> (r348508) >> +++ head/lib/libjail/jail_getid.c Sun Jun 2 14:03:56 2019 >> (r348509)
>> @@ -54,6 +54,15 @@ jail_getid(const char *name) >> >> jid = strtoul(name, &ep, 10); >> if (*name && !*ep) { >> + /* >> + * jid == 0 is a special case; it will not appear in >> the >> + * kernel's jail list, but naturally processes will be >> assigned >> + * to it because it is prison 0. Trivially return >> this one >> + * without a trip to the kernel, because it always >> exists but >> + * the lookup won't succeed. >> + */ >> + if (jid == 0) >> + return jid; >> jiov[0].iov_base = __DECONST(char *, "jid"); >> jiov[0].iov_len = sizeof("jid"); >> jiov[1].iov_base = &jid; >>
>
> On a related note- do we have a good reason for not exposing jid 0 via
> jail_get(2) if that's what's requested and we're operating in prison0?
> I have no historical context here, so it's not clear to me what issues
> that might expose other than the issue of exposing a prison that's not
> all that interesting.

There had been pushback on exposing the current prison via jid=0 when not in prison0, but I don't think the question was even considered for prison0. Not only is it not very interesting, it's largely blank. There are a few things like hostname that actually live in struct prison, but mostly it's a matter of limitations that don't apply to prison0.

I actually like the idea of exposing the current prison with prison0, limiting jail_get(2) to excise outside information (like the path) but still report limits that a user may be interested in knowing and aren't a security concern to discover (and indeed, can often be found through more cumbersome means).

- Jamie

From: Fabian Freyer
Date: Fri, 7 Jun 2019 02:46:42 +0200
Subject: [call for testing] kmod-devctl-jail
To: freebsd-jail@freebsd.org

Hi all,

I'd like to call for testing of the kernel module kmod-devctl-jail [1], which adds devctl(4) support for jail state changes. The aim is to provide some logging and/or auditing support as well as providing jail managers with a way to get notified of jail state changes.

I'm not yet clear as to whether this is something that could/should get upstreamed into base, or should better live in ports.

Please CC me when replying to this, as I am not subscribed to freebsd-jail@.

Thanks,
Fabian

[1] https://github.com/fubarnetes/kmod_devctl_jail.git

From: Lars Engels
Date: Fri, 7 Jun 2019 23:04:50 +0200
Subject: Re: [call for testing] kmod-devctl-jail
To: Fabian Freyer
Cc: freebsd-jail@freebsd.org

On Fri, Jun 07, 2019 at 02:46:42AM +0200, Fabian Freyer wrote:
> Hi all,
>
> I'd like to call for testing of the kernel module kmod-devctl-jail [1],
> which adds devctl(4) support for jail state changes. The aim is to
> provide some logging and/or auditing support as well as providing jail
> managers with a way to get notified of jail state changes.
>
> I'm not yet clear as to whether this is something that could/should get
> upstreamed into base, or should better live in ports.
>
> Please CC me when replying to this, as I am not subscribed to freebsd-jail@.
>
> Thanks,
> Fabian
>
> [1] https://github.com/fubarnetes/kmod_devctl_jail.git

I just gave it a shot and it can be a very useful tool IMHO. Please create a review on Phabricator and maybe it can get added to base.

Here's the log output produced from starting and stopping a jail:

var/log tail -f jail
Jun 7 23:01:01 nelson jail[314]: Jail JID=2 created
Jun 7 23:01:02 nelson jail[1720]: Process PID=1644 attached to Jail JID=2
Jun 7 23:01:12 nelson jail[46712]: Process PID=46535 attached to Jail JID=2
Jun 7 23:01:12 nelson jail[68454]: Jail JID=2 removed
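
The auditing use named in the announcement can be exercised on the log excerpt above. This is an added example, not code from kmod-devctl-jail or from either poster: it assumes the three line shapes in the excerpt are the whole format, and the names parse_line, audit and SAMPLE are hypothetical.

```python
import re
from collections import defaultdict

# Line shapes copied from the log excerpt above; other wording is skipped.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+jail\[\d+\]:\s+"
    r"(?:Process PID=(?P<pid>\d+) attached to )?Jail JID=(?P<jid>\d+)"
    r"(?:\s+(?P<state>created|removed))?$"
)

def parse_line(line):
    """Return a dict for one jail event line, or None if it is not one."""
    m = EVENT_RE.match(line.strip())
    if not m or bool(m["pid"]) == bool(m["state"]):
        return None  # exactly one of "attached" / "created|removed" must match
    return {"ts": m["ts"], "jid": int(m["jid"]),
            "kind": m["state"] or "attached",
            "pid": int(m["pid"]) if m["pid"] else None}

def audit(lines):
    """Build a per-JID timeline and flag events that break create -> removed."""
    live, timeline, findings = set(), defaultdict(list), []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        jid, kind = ev["jid"], ev["kind"]
        timeline[jid].append((ev["ts"], kind, ev["pid"]))
        if kind == "created":
            if jid in live:
                findings.append((ev["ts"], jid, "created twice without removal"))
            live.add(jid)
        elif jid not in live:
            # Also fires for jails created before the log window started.
            findings.append((ev["ts"], jid, f"{kind} with no live jail in this log"))
        elif kind == "removed":
            live.discard(jid)
    return dict(timeline), findings

# First four lines are the excerpt above; the last two are constructed.
SAMPLE = """\
Jun 7 23:01:01 nelson jail[314]: Jail JID=2 created
Jun 7 23:01:02 nelson jail[1720]: Process PID=1644 attached to Jail JID=2
Jun 7 23:01:12 nelson jail[46712]: Process PID=46535 attached to Jail JID=2
Jun 7 23:01:12 nelson jail[68454]: Jail JID=2 removed
Jun 7 23:05:40 nelson jail[70011]: Process PID=70002 attached to Jail JID=2
Jun 7 23:06:00 nelson sshd[812]: unrelated line
""".splitlines()

if __name__ == "__main__":
    for ts, jid, msg in audit(SAMPLE)[1]:
        print(f"{ts} JID={jid}: {msg}")
```

On the sample, the only finding is the constructed attach to JID 2 after its removal; the four lines from the excerpt form a clean create, attach, attach, removed sequence.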