From bugmaster at FreeBSD.org Mon May 5 11:07:08 2008 From: bugmaster at FreeBSD.org (FreeBSD bugmaster) Date: Mon May 5 11:07:17 2008 Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org Message-ID: <200805051107.m45B77KO070748@freefall.freebsd.org> Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail 2 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/74314 jail [resolver] [jail] DNS resolver broken under certain ja o kern/84215 jail [jail] [patch] wildcard ip (INADDR_ANY) should not bin o kern/89989 jail [jail] [patch] Add option -I (ASCII 73) PID to specif o kern/97071 jail [jail] [patch] add security.jail.jid sysctl o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/119305 jail [jail] [patch] jexec(8): jexec -n prisonname: selectio o kern/120753 jail [jail] Zombie jails (jailed child process exits while 10 problems total. From bugmaster at FreeBSD.org Mon May 12 11:07:00 2008 From: bugmaster at FreeBSD.org (FreeBSD bugmaster) Date: Mon May 12 11:07:08 2008 Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org Message-ID: <200805121106.m4CB6xIw038052@freefall.freebsd.org> Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail 2 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/74314 jail [resolver] [jail] DNS resolver broken under certain ja o kern/84215 jail [jail] [patch] wildcard ip (INADDR_ANY) should not bin o kern/89989 jail [jail] [patch] Add option -I (ASCII 73) PID to specif o kern/97071 jail [jail] [patch] add security.jail.jid sysctl o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/119305 jail [jail] [patch] jexec(8): jexec -n prisonname: selectio o kern/120753 jail [jail] Zombie jails (jailed child process exits while 10 problems total. From alexus at gmail.com Mon May 12 18:52:35 2008 From: alexus at gmail.com (alexus) Date: Mon May 12 18:52:38 2008 Subject: FreeBSD-7.0 MULTIPLE-IPs Message-ID: <6ae50c2d0805121128t7721bc1kda6f2a187be03165@mail.gmail.com> Hello, I saw there is a few patches out there that gives jail ability to have more then 1(one) IP address, however all those patches are very old and jail in FreeBSD-7.0 has more then it had even 2-3 years ago, so I was wondering if there is a new patch that works with FreeBSD-7, maybe implmenting this patch is somewhat easier in 7.0 vs older releases? I think DragonFly implmeneted one of the patches directly into core, why FreeBSD won't do it already? -- http://alexus.org/ From lambert at lambertfam.org Mon May 19 05:51:17 2008 From: lambert at lambertfam.org (Scott Lambert) Date: Mon May 19 05:51:20 2008 Subject: Signal 11 messages showing in all jails? Message-ID: <20080519051707.GA23266@sysmon.tcworks.net> Is this supposed to happen? FreeBSD 6.2 order.cgi is only installed in one jail on this system, but I see this report in all the jail on that system. The below lines are from the daily security run output for one of the other jails. I just want to make sure this is operating as expected rather than a bug. hostname kernel log messages: +++ /tmp/security.okyw840z Mon May 19 03:01:03 2008 +pid 60995 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 60996 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61001 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61002 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61007 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61008 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61013 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61014 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61019 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61020 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61025 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61032 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61051 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61052 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61061 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61068 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61069 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61070 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61072 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61075 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61083 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61088 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61089 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61090 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61092 (order.cgi), uid 80: exited on signal 11 (core dumped) +pid 61095 (order.cgi), uid 80: exited on signal 11 (core dumped) +em0: link state changed to DOWN +em0: link state changed to UP +em0: link state changed to DOWN +em0: link state changed to UP +em0: link state changed to DOWN +em0: link state changed to UP +em0: link state changed to DOWN +em0: link state changed to UP -- Scott Lambert KC5MLE Unix SysAdmin lambert@lambertfam.org From Alexander at Leidinger.net Mon May 19 08:38:22 2008 From: Alexander at Leidinger.net (Alexander Leidinger) Date: Mon May 19 08:38:26 2008 Subject: Signal 11 messages showing in all jails? In-Reply-To: <20080519051707.GA23266@sysmon.tcworks.net> References: <20080519051707.GA23266@sysmon.tcworks.net> Message-ID: <20080519103813.16651fkml5bc00v4@webmail.leidinger.net> Quoting Scott Lambert (from Mon, 19 May 2008 00:17:07 -0500): > Is this supposed to happen? FreeBSD 6.2 > > order.cgi is only installed in one jail on this system, but I see > this report in all the jail on that system. The below lines are from > the daily security run output for one of the other jails. > > I just want to make sure this is operating as expected rather than a > bug. It's not only the signal 11 messages, it's all kernel messages. There's no jail filter for the kernel messages, so this is expected behavior (this doesn't mean this behavior is the right one). Bye, Alexander. -- Most people need some of their problems to help take their mind off some of the others. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From andrew at modulus.org Mon May 19 11:04:49 2008 From: andrew at modulus.org (Andrew Snow) Date: Mon May 19 11:04:54 2008 Subject: Signal 11 messages showing in all jails? In-Reply-To: <20080519103813.16651fkml5bc00v4@webmail.leidinger.net> References: <20080519051707.GA23266@sysmon.tcworks.net> <20080519103813.16651fkml5bc00v4@webmail.leidinger.net> Message-ID: <48315B2E.5010500@modulus.org> Here are the devfs rules I use, which is one workaround for the problem (among other things..) "hide", "path null unhide", "path zero unhide", "path crypto unhide", "path random unhide", "path urandom unhide", "path 'ptyp*' unhide", "path 'ptyq*' unhide", "path 'ptyr*' unhide", "path 'ptys*' unhide", "path 'ptyP*' unhide", "path 'ptyQ*' unhide", "path 'ptyR*' unhide", "path 'ptyS*' unhide", "path 'ttyp*' unhide", "path 'ttyq*' unhide", "path 'ttyr*' unhide", "path 'ttys*' unhide", "path 'ttyP*' unhide", "path 'ttyQ*' unhide", "path 'ttyR*' unhide", "path 'ttyS*' unhide", "path fd unhide", "path 'fd/*' unhide", "path stdin unhide", "path stdout unhide", "path stderr unhide" From bugmaster at FreeBSD.org Mon May 19 11:06:55 2008 From: bugmaster at FreeBSD.org (FreeBSD bugmaster) Date: Mon May 19 11:07:28 2008 Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org Message-ID: <200805191106.m4JB6s4B011622@freefall.freebsd.org> Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail 2 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/74314 jail [resolver] [jail] DNS resolver broken under certain ja o kern/84215 jail [jail] [patch] wildcard ip (INADDR_ANY) should not bin o kern/89989 jail [jail] [patch] Add option -I (ASCII 73) PID to specif o kern/97071 jail [jail] [patch] add security.jail.jid sysctl o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/119305 jail [jail] [patch] jexec(8): jexec -n prisonname: selectio o kern/120753 jail [jail] Zombie jails (jailed child process exits while 10 problems total. From andrew at modulus.org Mon May 19 11:08:49 2008 From: andrew at modulus.org (Andrew Snow) Date: Mon May 19 11:08:56 2008 Subject: Signal 11 messages showing in all jails? In-Reply-To: <20080519103813.16651fkml5bc00v4@webmail.leidinger.net> References: <20080519051707.GA23266@sysmon.tcworks.net> <20080519103813.16651fkml5bc00v4@webmail.leidinger.net> Message-ID: <48315FB6.7070103@modulus.org> Sorry for previous message, it wasn't devfs rules at all that solved this problem. Instead you should set this in /etc/sysctl.conf: security.bsd.unprivileged_read_msgbuf=0 From Alexander at Leidinger.net Mon May 19 13:17:30 2008 From: Alexander at Leidinger.net (Alexander Leidinger) Date: Mon May 19 13:17:38 2008 Subject: Signal 11 messages showing in all jails? In-Reply-To: <48315FB6.7070103@modulus.org> References: <20080519051707.GA23266@sysmon.tcworks.net> <20080519103813.16651fkml5bc00v4@webmail.leidinger.net> <48315FB6.7070103@modulus.org> Message-ID: <20080519151718.54449sqj560rkgyo@webmail.leidinger.net> Quoting Andrew Snow (from Mon, 19 May 2008 21:08:38 +1000): > > Sorry for previous message, it wasn't devfs rules at all that solved > this problem. The rules you posted are part of some kind of workaround. The rules didn't include the "syslog pipe" for kernel messages (depends upon your version of FreeBSD), so there should be no messages from the kernel (like sig 11) in the syslog anymore with this. > Instead you should set this in /etc/sysctl.conf: > > security.bsd.unprivileged_read_msgbuf=0 This also has implication for the jail-host. You need to be root to read the dmesg. All this is just a workaround, but not really a solution to the problem. Ideally each jail gets messages from the kernel which _belong_ into this jail (e.g. sig 11, if a process from _this_ jail dies in this way). Bye, Alexander. -- Pure drivel tends to drive ordinary drivel off the TV screen. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From jorge at bsdchile.cl Tue May 20 14:33:51 2008 From: jorge at bsdchile.cl (Jorge Medina) Date: Tue May 20 14:33:57 2008 Subject: FreeBSD 7 -STABLE with cpu and memory limits Message-ID: <28d0e6b80805200708v452eb0f8o616aff50fc6120a4@mail.gmail.com> this patch (http://wiki.freebsd.org/JailResourceLimits) work on FreeBSD 7 amd64? somebody have a test behavior -- Jorge Andr?s Medina Oliva. Systems Manager and Developer. BSDCHiLE. From peter at pean.org Thu May 22 07:25:30 2008 From: peter at pean.org (=?ISO-8859-1?Q?Peter_Ankerst=E5l?=) Date: Thu May 22 07:25:34 2008 Subject: Jail resource limits Message-ID: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> http://wiki.freebsd.org/JailResourceLimits Is this anthing people are working on? Is it on its way to RELENG_7? Is there a 7-version of the patch or anything? This would be a _VERY_ useful feature. -- Peter Ankerst?l peter@pean.org From 000.fbsd at quip.cz Thu May 22 11:19:42 2008 From: 000.fbsd at quip.cz (Miroslav Lachman) Date: Thu May 22 11:19:50 2008 Subject: Jail resource limits In-Reply-To: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> Message-ID: <483556DB.9070602@quip.cz> Peter Ankerst?l wrote: > http://wiki.freebsd.org/JailResourceLimits > > Is this anthing people are working on? Is it on its way to RELENG_7? > Is there a 7-version of the patch or anything? This would be a _VERY_ > useful feature. Hi, AFAIK nobody is working on it. A year ago there was newer release of the patch against CURRENT at that time (FreeBSD 7) [1] http://www.ualberta.ca/~cdjones/jail-cpumem-current.tgz I never test this patch on current, only version for 6.x and if patch for current were made without improvements, it contains same bugs as patch for 6.x (eg.: not showing memory usage). There are some other guys trying to do the same, but I never saw patches published. Andrew Snow - Jails as a VPS [2] Alex Lyashkov - Jail2 aka FreeVPS [3a][3b] Or fixes for C.D. Jones work: Chris Thunes - jtune not showing resource usage - fixed [4] (note - attached patch is reversed) [5] So as you can see, there were some talks about Jail improvements for one year existence of this mailinglist (freebsd-jail@freebsd.org), also it is two years from SoC [6] and we still don't have anything commited to 7.x or to CURRENT. It is sad. There is little attention to jails, only few people are able to do some coding work etc. If the are somebody with skills and time to resurrect some mentioned projects, I am willing to help with testing. Also it will be good to have some up-to-date wiki page with "all the patches" (resource limits, SysV IPC, multiple IPs...) and status of this work, so people can easily find and try it. Miroslav Lachman [1] http://lists.freebsd.org/pipermail/freebsd-jail/2007-June/000030.html [2] http://lists.freebsd.org/pipermail/freebsd-jail/2008-January/000152.html [3a] http://docs.freevps.com/doku.php?id=freebsd:index [3b] http://lists.freebsd.org/pipermail/freebsd-arch/2006-June/005293.html [4] http://lists.freebsd.org/pipermail/freebsd-jail/2007-August/000060.html [5] http://lists.freebsd.org/pipermail/freebsd-jail/2007-September/000101.html [6] http://wiki.freebsd.org/JailResourceLimits Other links: jail services: http://wiki.freebsd.org/AsiaBSDCon_2007_DevSummit?action=AttachFile&do=get&target=jail_services.pdf kernel level virtualisation requirements: http://lists.freebsd.org/pipermail/freebsd-arch/2007-October/006872.html From Alexander at Leidinger.net Thu May 22 11:31:24 2008 From: Alexander at Leidinger.net (Alexander Leidinger) Date: Thu May 22 11:31:32 2008 Subject: Jail resource limits In-Reply-To: <483556DB.9070602@quip.cz> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> Message-ID: <20080522133115.84622rwkp784zi04@webmail.leidinger.net> Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Thu, 22 May 2008 13:19:55 +0200): > Peter Ankerst?l wrote: >> http://wiki.freebsd.org/JailResourceLimits > If the are somebody with skills and time to resurrect some mentioned > projects, I am willing to help with testing. > > Also it will be good to have some up-to-date wiki page with "all the > patches" (resource limits, SysV IPC, multiple IPs...) and status of > this work, so people can easily find and try it. Are you willing to update the existing wiki page? If yes register to the wiki (default style would be MiroslavLachman as the username) and I give you write access to the page. Bye, Alexander. -- Please take note: http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From peter at pean.org Thu May 22 14:50:47 2008 From: peter at pean.org (=?ISO-8859-1?Q?Peter_Ankerst=E5l?=) Date: Thu May 22 14:50:55 2008 Subject: Jail resource limits In-Reply-To: <483556DB.9070602@quip.cz> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> Message-ID: <08244555-5BD2-4F67-B311-CCC5E316A068@pean.org> > > > If the are somebody with skills and time to resurrect some mentioned > projects, I am willing to help with testing. > I will also be happy to help in whatever way I can. I have no coding- experience to talk about. But testing in various env and so on. (and help with docs/wiki) -- Peter Ankerst?l peter@pean.org From bzeeb-lists at lists.zabbadoz.net Thu May 22 17:15:01 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Thu May 22 17:15:07 2008 Subject: Jail resource limits In-Reply-To: <08244555-5BD2-4F67-B311-CCC5E316A068@pean.org> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> <08244555-5BD2-4F67-B311-CCC5E316A068@pean.org> Message-ID: <20080522165219.D47338@maildrop.int.zabbadoz.net> On Thu, 22 May 2008, Peter Ankerst?l wrote: Hi, >> If the are somebody with skills and time to resurrect some mentioned >> projects, I am willing to help with testing. >> > I will also be happy to help in whatever way I can. I have no > coding-experience to talk about. But testing in various env > and so on. (and help with docs/wiki) I will have to go through all this again but it seems that there is more interest from multiple people on this work. As I am currently working on FreeBSD jails (see latetst status report http://www.freebsd.org/news/status/report-2008-01-2008-03.html#Multi-IPv4/v6/no-IP-jails and follow to my homepage to also find the slide from the BSDCan WIP session) I should look into this for everyone running FreeBSD 7. I'll try to get an overview on all the work out there based on the pointers already posted and will see how I can integrate that with whatever is going on in FreeBSD atm or come up with new patches.. Regards, Bjoern -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From killing at multiplay.co.uk Thu May 22 17:42:40 2008 From: killing at multiplay.co.uk (Steven Hartland) Date: Thu May 22 17:42:45 2008 Subject: Jail resource limits References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org><483556DB.9070602@quip.cz><08244555-5BD2-4F67-B311-CCC5E316A068@pean.org> <20080522165219.D47338@maildrop.int.zabbadoz.net> Message-ID: <8068148B75CB4B3E953144A0DF47E496@multiplay.co.uk> This is something we're really looking forward to tbh a great feature :) One of the reasons for this is hosting jails, with the addition of multi IP support we will be able to enable jails to connect to "backdoor" secure services such as a mysql server. ----- Original Message ----- From: "Bjoern A. Zeeb" I will have to go through all this again but it seems that there is more interest from multiple people on this work. As I am currently working on FreeBSD jails (see latetst status report http://www.freebsd.org/news/status/report-2008-01-2008-03.html#Multi-IPv4/v6/no-IP-jails and follow to my homepage to also find the slide from the BSDCan WIP session) I should look into this for everyone running FreeBSD 7. I'll try to get an overview on all the work out there based on the pointers already posted and will see how I can integrate that with whatever is going on in FreeBSD atm or come up with new patches.. ================================================ This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmaster@multiplay.co.uk. From cthunes at tqhosting.com Thu May 22 17:47:38 2008 From: cthunes at tqhosting.com (Christopher Thunes) Date: Thu May 22 17:47:43 2008 Subject: Jail resource limits In-Reply-To: <483556DB.9070602@quip.cz> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> Message-ID: <4835A207.8080404@tqhosting.com> I should be working on getting this working on 7.0-RELEASE in the next few weeks and will post if I'm able to get anywhere with it. - Chris Thunes Miroslav Lachman wrote: Peter Ankerst?l wrote: [1]http://wiki.freebsd.org/JailResourceLimits Is this anthing people are working on? Is it on its way to RELENG_7? Is there a 7-version of the patch or anything? This would be a _VERY_ useful feature. Hi, AFAIK nobody is working on it. A year ago there was newer release of the patch against CURRENT at that time (FreeBSD 7) [1] [2]http://www.ualberta.ca/~cdjones/jail-cpumem-current.tgz I never test this patch on current, only version for 6.x and if patch for current were made without improvements, it contains same bugs as patch for 6.x (eg.: not showing memory usage). There are some other guys trying to do the same, but I never saw patches published. Andrew Snow - Jails as a VPS [2] Alex Lyashkov - Jail2 aka FreeVPS [3a][3b] Or fixes for C.D. Jones work: Chris Thunes - jtune not showing resource usage - fixed [4] (note - attached patch is reversed) [5] So as you can see, there were some talks about Jail improvements for one year existence of this mailinglist ([3]freebsd-jail@freebsd.org), also it is two years from SoC [6] and we still don't have anything commited to 7.x or to CURRENT. It is sad. There is little attention to jails, only few people are able to do some coding work etc. If the are somebody with skills and time to resurrect some mentioned projects, I am willing to help with testing. Also it will be good to have some up-to-date wiki page with "all the patches" (resource limits, SysV IPC, multiple IPs...) and status of this work, so people can easily find and try it. Miroslav Lachman [1] [4]http://lists.freebsd.org/pipermail/freebsd-jail/2007-June/000030 .html [2] [5]http://lists.freebsd.org/pipermail/freebsd-jail/2008-January/000 152.html [3a] [6]http://docs.freevps.com/doku.php?id=freebsd:index [3b] [7]http://lists.freebsd.org/pipermail/freebsd-arch/2006-June/005293 .html [4] [8]http://lists.freebsd.org/pipermail/freebsd-jail/2007-August/0000 60.html [5] [9]http://lists.freebsd.org/pipermail/freebsd-jail/2007-September/0 00101.html [6] [10]http://wiki.freebsd.org/JailResourceLimits Other links: jail services: [11]http://wiki.freebsd.org/AsiaBSDCon_2007_DevSummit?action=Attach File&do=get&target=jail_services.pdf kernel level virtualisation requirements: [12]http://lists.freebsd.org/pipermail/freebsd-arch/2007-October/00 6872.html _______________________________________________ [13]freebsd-jail@freebsd.org mailing list [14]http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to [15]"freebsd-jail-unsubscribe@freebsd.org" References 1. http://wiki.freebsd.org/JailResourceLimits 2. http://www.ualberta.ca/~cdjones/jail-cpumem-current.tgz 3. mailto:freebsd-jail@freebsd.org 4. http://lists.freebsd.org/pipermail/freebsd-jail/2007-June/000030.html 5. http://lists.freebsd.org/pipermail/freebsd-jail/2008-January/000152.html 6. http://docs.freevps.com/doku.php?id=freebsd:index 7. http://lists.freebsd.org/pipermail/freebsd-arch/2006-June/005293.html 8. http://lists.freebsd.org/pipermail/freebsd-jail/2007-August/000060.html 9. http://lists.freebsd.org/pipermail/freebsd-jail/2007-September/000101.html 10. http://wiki.freebsd.org/JailResourceLimits 11. http://wiki.freebsd.org/AsiaBSDCon_2007_DevSummit?action=AttachFile&do=get&target=jail_services.pdf 12. http://lists.freebsd.org/pipermail/freebsd-arch/2007-October/006872.html 13. mailto:freebsd-jail@freebsd.org 14. http://lists.freebsd.org/mailman/listinfo/freebsd-jail 15. mailto:freebsd-jail-unsubscribe@freebsd.org From 000.fbsd at quip.cz Thu May 22 22:32:32 2008 From: 000.fbsd at quip.cz (Miroslav Lachman) Date: Thu May 22 22:32:36 2008 Subject: Jail resource limits In-Reply-To: <20080522133115.84622rwkp784zi04@webmail.leidinger.net> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> <20080522133115.84622rwkp784zi04@webmail.leidinger.net> Message-ID: <4835F48C.5080303@quip.cz> Alexander Leidinger wrote: > Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Thu, 22 May 2008 > 13:19:55 +0200): > >> Peter Ankerst?l wrote: >> >>> http://wiki.freebsd.org/JailResourceLimits > > >> If the are somebody with skills and time to resurrect some mentioned >> projects, I am willing to help with testing. >> >> Also it will be good to have some up-to-date wiki page with "all the >> patches" (resource limits, SysV IPC, multiple IPs...) and status of >> this work, so people can easily find and try it. > > > Are you willing to update the existing wiki page? If yes register to > the wiki (default style would be MiroslavLachman as the username) and I > give you write access to the page. OK, I am registered now. Would you like me to edit existing JailResourceLimits page or would it be better to create new general page for Jail(s) similar to ZFS [1] page with table of patches and utilities extending existing jail implementation with status column, discription, authors etc., links to other pages with some useful informations and also with some "requests" area of users proposals that we can discuss here and try to find somebody willing to code / implement it? ;) The main goal could be to get more public attention for future Jail work and break current stagnation of commiting existing patches. Miroslav Lachman [1] http://wiki.freebsd.org/ZFS From bzeeb-lists at lists.zabbadoz.net Thu May 22 22:55:06 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Thu May 22 22:55:09 2008 Subject: Jail resource limits In-Reply-To: <4835F48C.5080303@quip.cz> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> <20080522133115.84622rwkp784zi04@webmail.leidinger.net> <4835F48C.5080303@quip.cz> Message-ID: <20080522224614.K47338@maildrop.int.zabbadoz.net> On Fri, 23 May 2008, Miroslav Lachman wrote: Hi, > Would you like me to edit existing JailResourceLimits page or would it be > better to create new general page for Jail(s) similar to ZFS [1] page with > table of patches and utilities extending existing jail implementation with > status column, discription, authors etc., links to other pages with some > useful informations and also with some "requests" area of users proposals > that we can discuss here and try to find somebody willing to code / implement > it? ;) I'd prefer it to be a separate page and leave Clif's GSoC page untouched apart from maybe adding a pointer to the new one. The person to talk to about implementation/integrations/coordination might be me. > The main goal could be to get more public attention for future Jail work and > break current stagnation of commiting existing patches. Future, as in after FreeBSD 7, virtualization work, might no longer be simply jails. There is more work in progress so the main target for this will be 7 with the plan to migrate as much as possible to whatever will be in 8. Regards, Bjoern -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From peter at pean.org Fri May 23 07:02:39 2008 From: peter at pean.org (=?ISO-8859-1?Q?Peter_Ankerst=E5l?=) Date: Fri May 23 07:02:42 2008 Subject: Jail resource limits In-Reply-To: <20080522133115.84622rwkp784zi04@webmail.leidinger.net> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> <20080522133115.84622rwkp784zi04@webmail.leidinger.net> Message-ID: On May 22, 2008, at 1:31 PM, Alexander Leidinger wrote: > Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Thu, 22 May 2008 > 13:19:55 +0200): > >> Peter Ankerst?l wrote: >>> http://wiki.freebsd.org/JailResourceLimits > >> If the are somebody with skills and time to resurrect some >> mentioned projects, I am willing to help with testing. >> >> Also it will be good to have some up-to-date wiki page with "all >> the patches" (resource limits, SysV IPC, multiple IPs...) and >> status of this work, so people can easily find and try it. > > Are you willing to update the existing wiki page? If yes register to > the wiki (default style would be MiroslavLachman as the username) > and I give you write access to the page. > Maybe it will be a good idea to create a new page that puts all jail- stuff in one place. I mean, there is more to this then just resource limits. -- Peter Ankerst?l peter@pean.org From Alexander at Leidinger.net Fri May 23 08:41:24 2008 From: Alexander at Leidinger.net (Alexander Leidinger) Date: Fri May 23 08:41:29 2008 Subject: Jail resource limits In-Reply-To: <4835F48C.5080303@quip.cz> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> <20080522133115.84622rwkp784zi04@webmail.leidinger.net> <4835F48C.5080303@quip.cz> Message-ID: <20080523104109.1864275fhgggkndw@webmail.leidinger.net> Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Fri, 23 May 2008 00:32:44 +0200): > Alexander Leidinger wrote: >> Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Thu, 22 May 2008 >> 13:19:55 +0200): >> >>> Peter Ankerst?l wrote: >>> >>>> http://wiki.freebsd.org/JailResourceLimits >> >> >>> If the are somebody with skills and time to resurrect some >>> mentioned projects, I am willing to help with testing. >>> >>> Also it will be good to have some up-to-date wiki page with "all >>> the patches" (resource limits, SysV IPC, multiple IPs...) and >>> status of this work, so people can easily find and try it. >> >> >> Are you willing to update the existing wiki page? If yes register >> to the wiki (default style would be MiroslavLachman as the >> username) and I give you write access to the page. > > OK, I am registered now. I added MiroslavLachman to the contributors group and added an ACL to the jail resource limits page so that contributors can write there. > Would you like me to edit existing JailResourceLimits page or would > it be better to create new general page for Jail(s) similar to ZFS > [1] page with table of patches and utilities extending existing jail > implementation with status column, discription, authors etc., links Proceed like you think it's best, I don't want to put restrictions on what you want to do. I suggest to extend the existing page with suitable infos first. Bye, Alexander. -- People will accept your idea much more readily if you tell them Benjamin Franklin said it first. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From 000.fbsd at quip.cz Sat May 24 21:13:49 2008 From: 000.fbsd at quip.cz (Miroslav Lachman) Date: Sat May 24 21:13:55 2008 Subject: New wiki page - Jails Message-ID: <4838851D.9010007@quip.cz> OK, I just started with some informations on http://wiki.freebsd.org/Jails So let me know what you think about it and do not hesitate with more ideas. Miroslav Lachman From bzeeb-lists at lists.zabbadoz.net Sat May 24 21:35:08 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Sat May 24 21:35:10 2008 Subject: New wiki page - Jails In-Reply-To: <4838851D.9010007@quip.cz> References: <4838851D.9010007@quip.cz> Message-ID: <20080524213123.E65662@maildrop.int.zabbadoz.net> On Sat, 24 May 2008, Miroslav Lachman wrote: Hi, > I just started with some informations on http://wiki.freebsd.org/Jails > So let me know what you think about it and do not hesitate with more ideas. Thanks for the summary. Just on a sidenote: most of the 'Future plans' will never happen as part of jails but as part of a larger virtualization technique if they are going to happen at all. Basically virtualizing everything under the name of jails does ot make a lot of sense. At one point you want a hypervisor and simply boot different instances. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From 000.fbsd at quip.cz Sat May 24 21:45:42 2008 From: 000.fbsd at quip.cz (Miroslav Lachman) Date: Sat May 24 21:45:45 2008 Subject: New wiki page - Jails In-Reply-To: <20080524213123.E65662@maildrop.int.zabbadoz.net> References: <4838851D.9010007@quip.cz> <20080524213123.E65662@maildrop.int.zabbadoz.net> Message-ID: <48388C96.1050807@quip.cz> Bjoern A. Zeeb wrote: > On Sat, 24 May 2008, Miroslav Lachman wrote: > > Hi, > >> I just started with some informations on http://wiki.freebsd.org/Jails >> So let me know what you think about it and do not hesitate with more >> ideas. > > > Thanks for the summary. > > Just on a sidenote: most of the 'Future plans' will never happen as > part of jails but as part of a larger virtualization technique if they > are going to happen at all. > Basically virtualizing everything under the name of jails does ot make > a lot of sense. At one point you want a hypervisor and simply boot > different instances. Yes, I am aware of it. It is just a list of "known" feature requests. If you have some background knowledge of what and how is planned in FreeBSD for Jail or Vimage, please let me know and I can write some notes to each 'Future plan' item (someting like 'covered by Vimage' or 'will never appear in Jails' etc.) or you can do it yourself, if you have write access to the wiki page. Miroslav Lachman From 000.fbsd at quip.cz Sun May 25 17:55:05 2008 From: 000.fbsd at quip.cz (Miroslav Lachman) Date: Sun May 25 17:55:09 2008 Subject: Wildcard IP (INADDR_ANY) should not bind inside a jail [was: Re: Jail resource limits] In-Reply-To: <20080522224614.K47338@maildrop.int.zabbadoz.net> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> <20080522133115.84622rwkp784zi04@webmail.leidinger.net> <4835F48C.5080303@quip.cz> <20080522224614.K47338@maildrop.int.zabbadoz.net> Message-ID: <4839A802.70005@quip.cz> Bjoern A. Zeeb wrote: > On Fri, 23 May 2008, Miroslav Lachman wrote: [...] > The person to talk to about implementation/integrations/coordination > might be me. As I am searching for and adding some more patches to the http://wiki.freebsd.org/Jails, I found "Wildcard IP (INADDR_ANY) should not bind inside a jail". The PR http://www.freebsd.org/cgi/query-pr.cgi?pr=84215 is from year 2005 with patch for FreeBSD 6.x and as you have already hands on "Multi-IPv4/v6/no-IP jails", can you take a look at this patch and try to incorporate it in to you work for FreeBSD 7.x / 8.x? Miroslav Lachman From frank at pinky.sax.de Sun May 25 18:39:01 2008 From: frank at pinky.sax.de (Frank Behrens) Date: Sun May 25 18:39:03 2008 Subject: Wildcard IP (INADDR_ANY) should not bind inside a jail [was: Re: Jail resource limits] In-Reply-To: <4839A802.70005@quip.cz> References: <20080522224614.K47338@maildrop.int.zabbadoz.net> Message-ID: <200805251838.m4PIcro1017917@post.frank-behrens.de> Miroslav Lachman <000.fbsd@quip.cz> wrote on 25 May 2008 19:55: > As I am searching for and adding some more patches to the > http://wiki.freebsd.org/Jails, I found "Wildcard IP (INADDR_ANY) should > not bind inside a jail". The PR > http://www.freebsd.org/cgi/query-pr.cgi?pr=84215 is from year 2005 with > patch for FreeBSD 6.x and as you have already hands on > "Multi-IPv4/v6/no-IP jails", can you take a look at this patch and try > to incorporate it in to you work for FreeBSD 7.x / 8.x? I'm the author of the mentioned patch/PR. Meanwhile I'm testing Bjoern's multi jail patch on FreeBSD-7 and I can confirm, that the functionality is already included. When the multi jail patch is committed this PR should be closed with state "resolved". BTW, Bjoern's patch works very well. Regards, Frank -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available. From bzeeb-lists at lists.zabbadoz.net Sun May 25 18:40:07 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Sun May 25 18:40:11 2008 Subject: Wildcard IP (INADDR_ANY) should not bind inside a jail [was: Re: Jail resource limits] In-Reply-To: <4839A802.70005@quip.cz> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> <20080522133115.84622rwkp784zi04@webmail.leidinger.net> <4835F48C.5080303@quip.cz> <20080522224614.K47338@maildrop.int.zabbadoz.net> <4839A802.70005@quip.cz> Message-ID: <20080525183343.W65662@maildrop.int.zabbadoz.net> On Sun, 25 May 2008, Miroslav Lachman wrote: Hi, > Bjoern A. Zeeb wrote: >> On Fri, 23 May 2008, Miroslav Lachman wrote: > > [...] > >> The person to talk to about implementation/integrations/coordination >> might be me. > > As I am searching for and adding some more patches to the > http://wiki.freebsd.org/Jails, I found "Wildcard IP (INADDR_ANY) should not > bind inside a jail". The PR http://www.freebsd.org/cgi/query-pr.cgi?pr=84215 > is from year 2005 with patch for FreeBSD 6.x and as you have already hands on > "Multi-IPv4/v6/no-IP jails", can you take a look at this patch and try to > incorporate it in to you work for FreeBSD 7.x / 8.x? If you look more closely you'll find a bunch of jail patches in PRs. I intend to deal with all of them once I am done, but not before. There are several reasons for this. I checked the list a few weeks ago. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From 000.fbsd at quip.cz Sun May 25 20:12:49 2008 From: 000.fbsd at quip.cz (Miroslav Lachman) Date: Sun May 25 20:12:54 2008 Subject: Wildcard IP (INADDR_ANY) should not bind inside a jail [was: Re: Jail resource limits] In-Reply-To: <20080525183343.W65662@maildrop.int.zabbadoz.net> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org> <483556DB.9070602@quip.cz> <20080522133115.84622rwkp784zi04@webmail.leidinger.net> <4835F48C.5080303@quip.cz> <20080522224614.K47338@maildrop.int.zabbadoz.net> <4839A802.70005@quip.cz> <20080525183343.W65662@maildrop.int.zabbadoz.net> Message-ID: <4839C84B.9060307@quip.cz> Bjoern A. Zeeb wrote: > On Sun, 25 May 2008, Miroslav Lachman wrote: > > Hi, > >> Bjoern A. Zeeb wrote: >> >>> On Fri, 23 May 2008, Miroslav Lachman wrote: >> >> [...] >> >>> The person to talk to about implementation/integrations/coordination >>> might be me. >> >> >> As I am searching for and adding some more patches to the >> http://wiki.freebsd.org/Jails, I found "Wildcard IP (INADDR_ANY) >> should not bind inside a jail". The PR >> http://www.freebsd.org/cgi/query-pr.cgi?pr=84215 is from year 2005 >> with patch for FreeBSD 6.x and as you have already hands on >> "Multi-IPv4/v6/no-IP jails", can you take a look at this patch and try >> to incorporate it in to you work for FreeBSD 7.x / 8.x? > > > If you look more closely you'll find a bunch of jail patches in PRs. I > intend to deal with all of them once I am done, but not before. > There are several reasons for this. > > I checked the list a few weeks ago. I am aware of all PRs from problem reports assigned to freebsd-jail@FreeBSD.org and few others and I will add them to the wiki page later as time permits. I am not trying to make any pressure to you or somebody else but PR database is not always including informations if somebody is working on it etc. I just ask you, if you have some plans / if you know about this PR. And your answer is positive. ;) It would be nice, if you (and other developers too) can publish more informations about "what is in progress" to this list, so I can put it on the page, update status of patches or items on the list of ideas. And thank you for your work! Miroslav Lachman From dgeo at ec-marseille.fr Sun May 25 21:00:00 2008 From: dgeo at ec-marseille.fr (Geoffroy DESVERNAY) Date: Sun May 25 21:00:05 2008 Subject: Jail resource limits In-Reply-To: <8068148B75CB4B3E953144A0DF47E496@multiplay.co.uk> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org><483556DB.9070602@quip.cz><08244555-5BD2-4F67-B311-CCC5E316A068@pean.org> <20080522165219.D47338@maildrop.int.zabbadoz.net> <8068148B75CB4B3E953144A0DF47E496@multiplay.co.uk> Message-ID: <4839CEFC.1050605@ec-marseille.fr> Steven Hartland a ?crit : > This is something we're really looking forward to tbh a great > feature :) One of the reasons for this is hosting jails, with > the addition of multi IP support we will be able to enable > jails to connect to "backdoor" secure services such as a > mysql server. > We are already doing this (sql on a separated(physical) LAN, but jail don't need a second interface for that: the real host's routing table is used for outgoing packets. Note we still need a static route on the SQL server for the packets to come back the same way I still don't know if this behaviour is the better one (one may think that jail's packets should not go through different interface ?), but it works quite well ;) That said, we are interested in testing IPv6 and limitation stuff on i386/amd64 machines... But not able to code (I may discover a missing ';' bug, not not much more ;) -- Geoffroy Desvernay Ecole Centrale de Marseille -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20080525/75c23a32/signature.pgp From killing at multiplay.co.uk Sun May 25 22:04:02 2008 From: killing at multiplay.co.uk (Steven Hartland) Date: Sun May 25 22:04:05 2008 Subject: Jail resource limits References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org><483556DB.9070602@quip.cz><08244555-5BD2-4F67-B311-CCC5E316A068@pean.org> <20080522165219.D47338@maildrop.int.zabbadoz.net> <8068148B75CB4B3E953144A0DF47E496@multiplay.co.uk> <4839CEFC.1050605@ec-marseille.fr> Message-ID: <1F08E6231F60497A9BF556590BB56E9A@multiplay.co.uk> ----- Original Message ----- From: "Geoffroy DESVERNAY" >> This is something we're really looking forward to tbh a great >> feature :) One of the reasons for this is hosting jails, with >> the addition of multi IP support we will be able to enable >> jails to connect to "backdoor" secure services such as a >> mysql server. >> > We are already doing this (sql on a separated(physical) LAN, but jail > don't need a second interface for that: the real host's routing table is > used for outgoing packets. > Note we still need a static route on the SQL server for the packets to > come back the same way > > I still don't know if this behaviour is the better one (one may think > that jail's packets should not go through different interface ?), but it > works quite well ;) Surely that compromises jail security i.e. being able to access resources from the host box even it the jail has no perceivable access to them? I assume this still doesn't work if the server is in fact run on the main host only running on localhost? Regards Steve ================================================ This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmaster@multiplay.co.uk. From dgeo at ec-marseille.fr Mon May 26 06:15:59 2008 From: dgeo at ec-marseille.fr (Geoffroy DESVERNAY) Date: Mon May 26 06:16:04 2008 Subject: Jail resource limits In-Reply-To: <1F08E6231F60497A9BF556590BB56E9A@multiplay.co.uk> References: <822C1BB6-3591-4CE1-AFEA-8B07B9F5ED8D@pean.org><483556DB.9070602@quip.cz><08244555-5BD2-4F67-B311-CCC5E316A068@pean.org> <20080522165219.D47338@maildrop.int.zabbadoz.net> <8068148B75CB4B3E953144A0DF47E496@multiplay.co.uk> <4839CEFC.1050605@ec-marseille.fr> <1F08E6231F60497A9BF556590BB56E9A@multiplay.co.uk> Message-ID: <483A5593.60003@ec-marseille.fr> >> come back the same way >> >> I still don't know if this behaviour is the better one (one may think >> that jail's packets should not go through different interface ?), but = it >> works quite well ;) >=20 > Surely that compromises jail security i.e. being able to access > resources from the host box even it the jail has no perceivable > access to them? >=20 It have to be took in consideration before production time at least ;) > I assume this still doesn't work if the server is in fact run on > the main host only running on localhost? >=20 I think the main host is never 'only' on localhost, since you must add interfaces and addresses for the different jails it hosts, and those interfaces are used by host's routing table... The IP addresses you use for jails are usable by main host, and routing table of main host is used to route jail's packets... so any jail you host can use any other jail's route. (if you have only localhost on main an *only one* interface for all jour jails, it doesn't hurt). In our case, one of our jail host is using pf's 'route-to' to re-route packets going to 'forbidden' interface from jails. Regards, --=20 Geoffroy Desvernay Ecole Centrale de Marseille -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20080526/7de9a1e6/signature.pgp From bugmaster at FreeBSD.org Mon May 26 11:06:51 2008 From: bugmaster at FreeBSD.org (FreeBSD bugmaster) Date: Mon May 26 11:07:23 2008 Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org Message-ID: <200805261106.m4QB6oaX064942@freefall.freebsd.org> Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail 2 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/74314 jail [resolver] [jail] DNS resolver broken under certain ja o kern/84215 jail [jail] [patch] wildcard ip (INADDR_ANY) should not bin o kern/89989 jail [jail] [patch] Add option -I (ASCII 73) PID to specif o kern/97071 jail [jail] [patch] add security.jail.jid sysctl o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/119305 jail [jail] [patch] jexec(8): jexec -n prisonname: selectio o kern/120753 jail [jail] Zombie jails (jailed child process exits while 10 problems total. From mr at FreeBSD.org Mon May 26 13:40:45 2008 From: mr at FreeBSD.org (mr@FreeBSD.org) Date: Mon May 26 13:40:46 2008 Subject: bin/119305: [jail] [patch] jexec(8): jexec -n prisonname: selection by jail name Message-ID: <200805261340.m4QDehi6081334@freefall.freebsd.org> Synopsis: [jail] [patch] jexec(8): jexec -n prisonname: selection by jail name State-Changed-From-To: open->closed State-Changed-By: mr State-Changed-When: Mon May 26 13:38:20 UTC 2008 State-Changed-Why: Different patch committed to HEAD. http://www.freebsd.org/cgi/query-pr.cgi?pr=119305 From dfilter at FreeBSD.ORG Mon May 26 19:30:06 2008 From: dfilter at FreeBSD.ORG (dfilter service) Date: Mon May 26 19:30:08 2008 Subject: bin/119305: commit references a PR Message-ID: <200805261930.m4QJU61n006348@freefall.freebsd.org> The following reply was made to PR bin/119305; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: bin/119305: commit references a PR Date: Mon, 26 May 2008 19:25:00 +0000 (UTC) mr 2008-05-26 19:24:45 UTC FreeBSD src repository Modified files: usr.sbin/jexec jexec.8 jexec.c Log: Add CAUTIONS section to the manpage and update .Dd. Spelling fix. PR: bin/119305 (reminded by Frank Behrens) Suggested by: rwatson, maxim MFC after: 2 weeks Revision Changes Path 1.6 +5 -1 src/usr.sbin/jexec/jexec.8 1.6 +1 -1 src/usr.sbin/jexec/jexec.c _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"