From: Theron Tarigo
To: soc-status@freebsd.org
Subject: GSoC: Separation of Ports Build Process from Local Installation
Date: Tue, 9 Jul 2019 11:34:56 -0700

Hello all,

This project aims to decouple the build process of the ports framework from the local installation.  To work around the assumptions made by ports about dependency file locations, a userspace tool to remap processes' filesystem namespaces is under development.

This past week, I have made the following progress:
- Ldconfig hints file is maintained at each dependency port installation, allowing build tools to run as expected.
- Fixed several more problems with running programs under the namespace tool:
    - Some ports contain /bin/sh scripts with no shebang.  FreeBSD allows this; Namespace tool's execve implementation is changed accordingly.
    - Fixed a bug in execve implementation concerning argv[0]
    - Debugging output, when requested, now does not get written to wrong file after (v)fork and/or exec.
- Have ports use devel/bmake instead of /usr/bin/make, where possible, as the latter is statically linked and cannot handle ports Makefiles' dependencies on installed files.
- Confirmed that devel/llvm60 and all its dependencies build successfully.  This selection of ports represents many build tools commonly used in building of other ports.  To see for yourself:
    make -C /usr/ports/devel/llvm60 all-depends-list

What I am working on next:
- Create a port of freebsd-user-namespace to be used by ports framework, similarly to how ports-mgmt/pkg is used.
- Build larger set of ports to discover remaining incompatibilities.
- Set up automated testing of ports to assess progress and catch regressions.

Project goals and status are kept at https://wiki.freebsd.org/SummerOfCode2019Projects/PortsSeparatedBuild .
Source of the userspace filesystem namespace tool is shared at https://github.com/therontarigo/freebsd-user-namespace .
Changes to ports framework are shared at https://github.com/freebsd/freebsd-ports/compare/master...therontarigo:separated.

Theron Tarigo


From: Shivank Garg
To: soc-status@freebsd.org, "Bjoern A. Zeeb"
Subject: [GSoC'19 Weekly Update] MAC policy on IP addresses in Jail
Date: Wed, 10 Jul 2019 18:49:43 +0530

Hi everyone!

This project is aimed at developing a loadable MAC module with the "The TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled Jail can choose from.

This week I made the following progress:
* Added checks for IPv4 and IPv6 address to allow/deny IP address
* Added checks for the interface to allow/deny IP address.

Do check this project on GitHub:
https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl
FreeBSD wiki:
https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail

Please feel free to share your ideas and feedback on this project.

Regards,
Shivank Garg