From bugmaster at FreeBSD.org Mon Feb 2 03:07:04 2009 
From: bugmaster at FreeBSD.org (FreeBSD bugmaster)
Date: Mon Feb 2 03:09:16 2009
Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org
Message-ID: <200902021106.n12B6xfE094546@freefall.freebsd.org>

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/130414  rc         [patch] rc services started with onestart are not stop
o conf/128299  rc         [patch] /etc/rc.d/geli does not mount partitions using
o conf/127917  rc         [patch] dumpon rejects on start with physmem>swap even
o bin/126562   rc         rcorder(8) fails to run unrelated startup scripts when
o conf/126392  rc         [patch] rc.conf ifconfig_xx keywords cannot be escaped
o bin/126324   rc         [patch] rc.d/tmp: Prevent mounting /tmp in second tim
o conf/124747  rc         [patch] savecore can't create dump from encrypted swap
o conf/124248  rc         [patch] add support for nice value for rc.d/jail + rc.
o conf/123734  rc         [patch] Chipset VIA CX700 requires extra initializatio
o conf/123222  rc         [patch] Add rtprio(1)/idprio(1) support to rc.subr(8).
o conf/122477  rc         [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122170  rc         [patch] [request] New feature: notify admin via page o
o conf/122036  rc         [rc.d]: Mounting at boot with ZFS causes a halt in boo
o kern/121566  rc         [nfs] [request] [patch] ethernet iface should be broug
o conf/120431  rc         [patch] devfs.rules are not initialized under certain
o conf/120406  rc         [devd] [patch] Handle newly attached pcm devices (eg.
o conf/120228  rc         [zfs] [patch] Split ZFS volume startup / ease ZFS swap
o conf/120194  rc         [patch] UFS volumes on ZVOLs cannot be fsck'd at boot
o conf/119874  rc         [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/119076  rc         [patch] [rc.d] /etc/rc.d/netif tries to remove alias a
o bin/118325   rc         [patch] [request] new periodic script to test statuses
o conf/118255  rc         savecore never finding kernel core dumps (rcorder prob
o conf/117935  rc         [patch] ppp fails to start at boot because of missing
o conf/113915  rc         [patch] ndis wireless driver fails to associate when i
o conf/109980  rc         /etc/rc.d/netif restart doesn't destroy cloned_interfa
o conf/109562  rc         [rc.d] [patch] [request] Make rc.d/devfs usable from c
o conf/106009  rc         [ppp] [patch] [request] Fix pppoed startup script to p
o conf/105689  rc         [ppp] [request] syslogd starts too late at boot
o conf/105568  rc         [patch] [request] Add more flexibility to rc.conf, to
o conf/105145  rc         [ppp] [patch] [request] add redial function to rc.d/pp
o conf/104549  rc         [patch] rc.d/nfsd needs special _find_processes functi
o conf/102700  rc         [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/99721   rc         [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/99444   rc         [patch] Enhancement: rc.subr could easily support star
o conf/96343   rc         [patch] rc.d order change to start inet6 before pf
o conf/93815   rc         [patch] Adds in the ability to save ipfw rules to rc.d
o conf/92523   rc         [patch] allow rc scripts to kill process after a timeo
o conf/89870   rc         [patch] [request] make netif verbose rc.conf toggle
o conf/89061   rc         [patch] IPv6 6to4 auto-configuration enhancement
o conf/88913   rc         [patch] wrapper support for rc.subr
o conf/85819   rc         [patch] script allowing multiuser mode in spite of fsc
o kern/81006   rc         ipnat not working with tunnel interfaces on startup
o conf/77663   rc         Suggestion: add /etc/rc.d/addnetswap after addcritremo
o conf/73677   rc         [patch] add support for powernow states to power_profi
o conf/58939   rc         [patch] dumb little hack for /etc/rc.firewall{,6}
o conf/56934   rc         [patch] rc.firewall rules for natd expect an interface
o conf/45226   rc         [patch] Fix for rc.network, ppp-user annoyance
o conf/44170   rc         [patch] Add ability to run multiple pppoed(8) on start

48 problems total.

From bugmaster at FreeBSD.org Mon Feb 9 03:06:58 2009
From: bugmaster at FreeBSD.org (FreeBSD bugmaster)
Date: Mon Feb 9 03:09:08 2009
Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org
Message-ID: <200902091106.n19B6vIx009237@freefall.freebsd.org>

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/130414  rc         [patch] rc services started with onestart are not stop
o conf/128299  rc         [patch] /etc/rc.d/geli does not mount partitions using
o conf/127917  rc         [patch] dumpon rejects on start with physmem>swap even
o bin/126562   rc         rcorder(8) fails to run unrelated startup scripts when
o conf/126392  rc         [patch] rc.conf ifconfig_xx keywords cannot be escaped
o bin/126324   rc         [patch] rc.d/tmp: Prevent mounting /tmp in second tim
o conf/124747  rc         [patch] savecore can't create dump from encrypted swap
o conf/124248  rc         [patch] add support for nice value for rc.d/jail + rc.
o conf/123734  rc         [patch] Chipset VIA CX700 requires extra initializatio
o conf/123222  rc         [patch] Add rtprio(1)/idprio(1) support to rc.subr(8).
o conf/122477  rc         [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122170  rc         [patch] [request] New feature: notify admin via page o
o conf/122036  rc         [rc.d]: Mounting at boot with ZFS causes a halt in boo
o kern/121566  rc         [nfs] [request] [patch] ethernet iface should be broug
o conf/120431  rc         [patch] devfs.rules are not initialized under certain
o conf/120406  rc         [devd] [patch] Handle newly attached pcm devices (eg.
o conf/120228  rc         [zfs] [patch] Split ZFS volume startup / ease ZFS swap
o conf/120194  rc         [patch] UFS volumes on ZVOLs cannot be fsck'd at boot
o conf/119874  rc         [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/119076  rc         [patch] [rc.d] /etc/rc.d/netif tries to remove alias a
o bin/118325   rc         [patch] [request] new periodic script to test statuses
o conf/118255  rc         savecore never finding kernel core dumps (rcorder prob
o conf/117935  rc         [patch] ppp fails to start at boot because of missing
o conf/113915  rc         [patch] ndis wireless driver fails to associate when i
o conf/109980  rc         /etc/rc.d/netif restart doesn't destroy cloned_interfa
o conf/109562  rc         [rc.d] [patch] [request] Make rc.d/devfs usable from c
o conf/106009  rc         [ppp] [patch] [request] Fix pppoed startup script to p
o conf/105689  rc         [ppp] [request] syslogd starts too late at boot
o conf/105568  rc         [patch] [request] Add more flexibility to rc.conf, to
o conf/105145  rc         [ppp] [patch] [request] add redial function to rc.d/pp
o conf/104549  rc         [patch] rc.d/nfsd needs special _find_processes functi
o conf/102700  rc         [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/99721   rc         [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/99444   rc         [patch] Enhancement: rc.subr could easily support star
o conf/96343   rc         [patch] rc.d order change to start inet6 before pf
o conf/93815   rc         [patch] Adds in the ability to save ipfw rules to rc.d
o conf/92523   rc         [patch] allow rc scripts to kill process after a timeo
o conf/89870   rc         [patch] [request] make netif verbose rc.conf toggle
o conf/89061   rc         [patch] IPv6 6to4 auto-configuration enhancement
o conf/88913   rc         [patch] wrapper support for rc.subr
o conf/85819   rc         [patch] script allowing multiuser mode in spite of fsc
o kern/81006   rc         ipnat not working with tunnel interfaces on startup
o conf/77663   rc         Suggestion: add /etc/rc.d/addnetswap after addcritremo
o conf/73677   rc         [patch] add support for powernow states to power_profi
o conf/58939   rc         [patch] dumb little hack for /etc/rc.firewall{,6}
o conf/56934   rc         [patch] rc.firewall rules for natd expect an interface
o conf/45226   rc         [patch] Fix for rc.network, ppp-user annoyance
o conf/44170   rc         [patch] Add ability to run multiple pppoed(8) on start

48 problems total.

From gavin at FreeBSD.org Tue Feb 10 06:01:14 2009
From: gavin at FreeBSD.org (gavin@FreeBSD.org)
Date: Tue Feb 10 06:01:34 2009
Subject: conf/131458: /etc/rc.d/defaultroute produces misleading output
Message-ID: <200902101401.n1AE194c080648@freefall.freebsd.org>

Synopsis: /etc/rc.d/defaultroute produces misleading output

Responsible-Changed-From-To: freebsd-bugs->freebsd-rc
Responsible-Changed-By: gavin
Responsible-Changed-When: Tue Feb 10 14:00:40 UTC 2009
Responsible-Changed-Why:
Over to maintainer(s)

http://www.freebsd.org/cgi/query-pr.cgi?pr=131458

From delphij at delphij.net Tue Feb 10 19:24:41 2009
From: delphij at delphij.net (Xin LI)
Date: Tue Feb 10 19:24:48 2009
Subject: [RFC] Skeleton jail (rc.d feature proposal)
Message-ID: <499244E6.9030205@delphij.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Ok, some local users have prodded me in committing the "skeleton jail"
feature, I find it useful myself but not sure if it's appropriate to
commit it against -HEAD, so I'd like to explain it, try to present it in
a better way, and request for comments.  I'd like to have some native
English speakers to proofread the manual page changes if this is found
useful for general consumption.

Some descriptions:

===== What is it?

Basically, a "skeleton" jail is a jail which has part of its directories,
typically directories containing the base system, say the binaries,
libraries, mount_nullfs'ed from a template, usually /.  What I
implemented is some helper scripts as well as some Makefile changes to
make the task easier.

A NULLFS mount, typically, read-only, from either a template (an
installed world located in some directory, or the host system, say, /
itself), would reduce the time that is taken upon system upgrade; on the
other hand, it makes it possible to switch the base system libraries
on-the-fly.

The read-only nature of these NULLFS mounts also helps development
environments that don't want programmers to make unauthorized changes to
the base system itself, we actually have used it in our development
environment and found this as a useful side effect.

===== How to use it?

One make(1) target, "installskel" has been added to top-level (/usr/src)
Makefile.  This can be used to populate a skeleton where only a minimal
set of files and directories are installed that will support the startup
of a skeleton jail.  "installskel" is actually a shortcut of "make
hierarchy" and "cd etc; make distribution".

So, to create a skeleton:

	cd /usr/src
	make installskel DESTDIR=$D

Where "D" is the directory where you want the skeleton to be placed at,
say, /vhost/myjail in this example; then, set up rc.conf(5) parameters
like this:

	jail_myjail_rootdir="/vhost/myjail/"
	jail_myjail_devfs_enable="YES"
	jail_myjail_skel_enable="YES"

The rc.d infrastructure would automatically mount the following
directories from the template (when not specified, /) as read-only:

	bin
	lib
	libexec
	sbin
	usr/bin
	usr/include
	usr/lib
	usr/libdata
	usr/libexec
	usr/sbin
	usr/share
	usr/src
	usr/obj

Cheers,
- --
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (FreeBSD)

iEYEARECAAYFAkmSROUACgkQi+vbBBjt66DncwCguU5YAytGEhvwMGbLzk0uFqkI
lKEAn3RhVNxIF4XROQj0ijWyEsZgP+IJ
=Sd9e
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: Makefile =================================================================== --- Makefile ????????? 188424??? +++ Makefile ?????????????????? @@ -84,6 +84,7 @@ depend distribute distributeworld distrib-dirs distribution doxygen \ everything hierarchy install installcheck installkernel \ installkernel.debug reinstallkernel reinstallkernel.debug \ + installskel \ installworld kernel-toolchain libraries lint maninstall \ obj objlink regress rerelease showconfig tags toolchain update \ _worldtmp _legacy _bootstrap-tools _cleanobj _obj \ @@ -98,6 +99,7 @@ .ORDER: buildworld installworld .ORDER: buildworld distributeworld .ORDER: buildworld buildkernel +.ORDER: buildworld installskel .ORDER: buildkernel installkernel .ORDER: buildkernel installkernel.debug .ORDER: buildkernel reinstallkernel Index: Makefile.inc1 =================================================================== --- Makefile.inc1 ????????? 188424??? +++ Makefile.inc1 ?????????????????? 
@@ -651,6 +651,18 @@ ${IMAKEENV} rm -rf ${INSTALLTMP} # +# installskel +# +# Installs a minimum set of files that can support a mini-jail +# +installskel: + @echo "--------------------------------------------------------------" + @echo ">>> Making installskel" + @echo "--------------------------------------------------------------" + ${_+_}cd ${.CURDIR}; ${MAKE} hierarchy + ${_+_}cd ${.CURDIR}/etc; ${MAKE} distribution + +# # reinstall # # If you have a build server, you can NFS mount the source and obj directories Index: etc/defaults/rc.conf =================================================================== --- etc/defaults/rc.conf ????????? 188424??? +++ etc/defaults/rc.conf ?????????????????? @@ -611,6 +611,11 @@ jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail +jail_skel_enable="NO" # Whether to globally enable "skel" jail +jail_skel_root="/" # The root directory for skel template +jail_skel_romounts="bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share usr/src usr/obj" + # Read-only nullfs mounts from the template +jail_skel_rwmounts="" # Read-write nullfs mounts from the template # # To use rc's built-in jail infrastructure create entries for 
@@ -640,6 +645,11 @@ #jail_example_mount_enable="NO" # mount/umount jail's fs #jail_example_fstab="" # fstab(5) for mount/umount #jail_example_flags="-l -U root" # flags for jail(8) +#jail_example_skel_enable="NO" # Whether to enable "skel" jail +#jail_example_skel_root="/" # The root directory for skel template +#jail_example_skel_romounts="bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share usr/src usr/obj usr/ports" + # Read-only nullfs mounts from the template +#jail_example_skel_rwmounts="" # Read-write nullfs mounts from the template ############################################################## ### Define source_rc_confs, the mechanism used by /etc/rc.* ## Index: etc/rc.d/jail =================================================================== --- etc/rc.d/jail ????????? 188424??? +++ etc/rc.d/jail ?????????????????? @@ -85,6 +85,16 @@ [ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log" eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\" + # Default settings for skel jail + eval _skel_enable=\"\${jail_${_j}_skel_enable:-${jail_skel_enable}}\" + [ -z "${_skel_enable}" ] && _skel_enable="NO" + eval _skel_root=\"\${jail_${_j}_skel_root:-${jail_skel_root}}\" + [ -z "${_skel_root}" ] && _skel_root="/" + eval _skel_romounts=\"\${jail_${_j}_skel_romounts:-${jail_skel_romounts}}\" + [ -z "${_skel_romounts}" ] && _skel_romounts="bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share usr/src usr/obj" + eval _skel_rwmounts=\"\${jail_${_j}_skel_rwmounts:-${jail_skel_rwmounts}}\" + [ -z "${_skel_rwmounts}" ] && _skel_rwmounts="" + # Debugging aid # debug "$_j devfs enable: $_devfs" 
@@ -120,6 +130,10 @@ debug "$_j exec stop: $_exec_stop" debug "$_j flags: $_flags" debug "$_j consolelog: $_consolelog" + debug "$_j skel enable: $_skel_enable" + debug "$_j skel mount-readonly: $_skel_romounts" + debug "$_j skel mount-readwrite: $_skel_rwmounts" + debug "$_j skel mount skeleton from: $_skel_root" if [ -z "${_hostname}" ]; then err 3 "$name: No hostname has been defined for ${_j}" @@ -241,6 +255,14 @@ secure_umount ${_mountpt} done fi + if checkyesno _skel_enable; then + for _mntpt in ${_skel_romounts} ${_skel_rwmounts} + do + if [ -d "${_rootdir}/${_mntpt}" ] ; then + umount -f ${_rootdir}/${_mntpt} > /dev/null 2>&1 + fi + done + fi } # jail_mount_fstab() @@ -509,6 +531,17 @@ fi jail_mount_fstab fi + if checkyesno _skel_enable; then + info "Mounting skeleton for jail ${_jail} from ${_skel_root}" + for _mntpt in $_skel_rwmounts + do + mount_nullfs ${_skel_root}/${_mntpt} ${_rootdir}/${_mntpt} > /dev/null 2>&1 + done + for _mntpt in $_skel_romounts + do + mount_nullfs -ordonly ${_skel_root}/${_mntpt} ${_rootdir}/${_mntpt} > /dev/null 2>&1 + done + fi if checkyesno _devfs; then # If devfs is already mounted here, skip it. df -t devfs "${_devdir}" >/dev/null Index: share/man/man5/rc.conf.5 =================================================================== --- share/man/man5/rc.conf.5 ????????? 188424??? +++ share/man/man5/rc.conf.5 ?????????????????? @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 27, 2009 +.Dd February 10, 2009 .Dt RC.CONF 5 .Os .Sh NAME 
@@ -3413,6 +3413,46 @@ .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop for every jail in .Va jail_list . +.It Va jail_skel_enable +.Pq Vt bool +Set to +.Dq Li NO +by default. +When set to +.Dq Li YES , +sets +.Va jail_ Ns Ao Ar jname Ac Ns Va _skel_enable +to +.Dq Li YES +by default for every jail in +.Va jail_list . +.It Va jail_skel_root +.Pq Vt str +Set to +.Dq Li / +by default. +When set, use as default value for +.Va jail_ Ns Ao Ar jname Ac Ns Va _skel_root +for every jail in +.Va jail_list . +.It Va jail_skel_romount +.Pq Vt str +Set to +.Dq Li bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share usr/src usr/obj +by default. +When set, use as default value for +.Va jail_ Ns Ao Ar jname Ac Ns Va _skel_romount +for every jail in +.Va jail_list . +.It Va jail_skel_rwmount +.Pq Vt str +Set to empty by default. +When set, use as default value for +.Va jail_ Ns Ao Ar jname Ac Ns Va _skel_rwmount +for every jail in +.Va jail_list . .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir .Pq Vt str Unset by default. 
@@ -3549,6 +3589,38 @@ .Dq Li /bin/sh /etc/rc.shutdown by default. This is the command executed at jail shutdown. +.It Va jail_ Ns Ao Ar jname Ac Ns Va _skel_enable +.Pq Vt bool +Set to +.Dq Li NO +by default. +When set to +.Dq Li YES , +enable the skeleton jail, which +.Xr mount_nullfs 8 +two lists of filesystems, one of which lists read-only, +another lists read-write as specified by the administrator, +relative to the template root, into inside jail +.Ar jname +respectively, at jail startup. +.It Va jail_ Ns Ao Ar jname Ac Ns Va _skel_root +.Pq Vt str +Set to +.Dq Li / +by default. +Specifies the root directory that a skeleton template is based on. +.It Va jail_ Ns Ao Ar jname Ac Ns Va _skel_romounts +.Pq Vt str +Specifies a list of directories that is expected to be mounted from +the skeleton template, into inside jail +.Ar jname , +as read-only. +.It Va jail_ Ns Ao Ar jname Ac Ns Va _skel_rwmounts +.Pq Vt str +Specifies a list of directories that is expected to be mounted from +the skeleton template, into inside jail +.Ar jname , +as read-write. .It Va jail_set_hostname_allow .Pq Vt bool If set to Index: usr.sbin/jail/jail.8 =================================================================== --- usr.sbin/jail/jail.8 ????????? 188424??? +++ usr.sbin/jail/jail.8 ?????????????????? 
@@ -412,6 +412,46 @@ /etc/rc.d/jail start myjail /etc/rc.d/jail stop myjail .Ed +.Ss "Setting up a Jail from a template directory" +A so-called skeleton jail, is an environment where part of its +directories comes from +.Xr mount_nullfs 8 +from a template directory. +.Pp +Such setup can save the time for the administrator because it makes +it possible to share certain binaries and libraries between several +jails, as well as easy experimenting different releases of the +operating system libraries by switching template directories. +Also, this type of setup would save certain amount of disk space. +.Pp +A template directory can be populated with +.Dq "make world" , +or, the host system environment +.Aq Dq "/" , +can be used as well. +.Pp +To set up a jail directory tree containing the jail, one can use +the following +.Xr sh 1 +command script: +.Bd -literal +D=/here/is/the/jail +cd /usr/src +mkdir -p $D +make installskel DESTDIR=$D +.Ed +.Pp +One should explicitly specify that the jail is skeleton jail, by +either enabling the global flag +.Dq jail_skel_enable , +or the per-jail flag +.Dq Va jail_ Ns Ao Ar jname Ac Ns Va _skel_enable +in +.Xr rc.conf 5 +configuration. The system supplied a set of defaults that is +useful for typical setup, and is tweakable through several variables +as described in +.Xr rc.conf 5 . .Ss "Managing the Jail" Normal machine shutdown commands, such as .Xr halt 8 , From delphij at delphij.net Tue Feb 10 19:53:05 2009 
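Review bot: The installskel target added to Makefile.inc1 never checks that DESTDIR is set before running `${MAKE} hierarchy` and `${MAKE} distribution`. The target exists to populate a jail skeleton, and with an empty DESTDIR both steps would be pointed at the host's own root, so it should stop with an error when DESTDIR is empty or /. The header comment also says "mini-jail" where the rest of the patch says "skeleton jail"; one term throughout would be clearer.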
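Review bot: In the commented jail_example block of etc/defaults/rc.conf (hunk at -640), jail_example_skel_romounts lists usr/ports, which the global jail_skel_romounts default added in the previous hunk does not. The example reads as a copy of the default, so either drop usr/ports here or say in the comment that it is an optional extra.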
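Review bot: In the defaults block added to etc/rc.d/jail (hunk at -85), the `[ -z "${_skel_romounts}" ]` fallback repeats the directory list already set as jail_skel_romounts in etc/defaults/rc.conf, so the two copies can drift apart, and an administrator who sets the variable to an empty string gets the hard-coded list back instead of no read-only mounts. The last added line, `[ -z "${_skel_rwmounts}" ] && _skel_rwmounts=""`, assigns an empty string to a variable that was just tested as empty and can be dropped.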
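Review bot: The unmount loop added in the rc.d/jail hunk at -241 calls `umount -f` directly on `${_rootdir}/${_mntpt}`, while the fstab unmounts in the context lines just above go through secure_umount. These mount points live under the jail's root directory, so the skeleton mounts should go through the same helper, or an equivalent check that the target is a real directory under the jail root and not a symlink. The path is also unquoted, and `> /dev/null 2>&1` discards every failure, so a mount left behind at jail stop is never reported.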
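Review bot: Both mount_nullfs loops in the rc.d/jail start hunk at -509 send output and errors to /dev/null and ignore the exit status, so when a template directory is missing or a mount fails the jail still starts, with an empty or stale directory where its base system should be. Check the result of each mount_nullfs and fail (or at least warn) for that jail, and quote `${_skel_root}/${_mntpt}` and `${_rootdir}/${_mntpt}`. With jail_skel_root defaulting to /, every entry in _skel_rwmounts is a host directory made writable from inside the jail, which the rc.conf.5 and jail.8 text should state explicitly.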
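Review bot: The global entries documented in the rc.conf.5 hunk at -3413 are named jail_skel_romount and jail_skel_rwmount, with per-jail references _skel_romount and _skel_rwmount, but etc/defaults/rc.conf and etc/rc.d/jail in this same patch use jail_skel_romounts and jail_skel_rwmounts, and the per-jail entries in the following rc.conf.5 hunk use the plural as well. An administrator following this text would set variables the script never reads; rename the four occurrences to the plural form.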
From: delphij at delphij.net (Xin LI)
Date: Tue Feb 10 19:53:11 2009
Subject: [RFC] Skeleton jail (rc.d feature proposal)
In-Reply-To: <499246D4.8020908@freebsd.org>
References: <499244E6.9030205@delphij.net> <499246D4.8020908@freebsd.org>
Message-ID: <49924B92.6050307@delphij.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lawrence Stewart wrote:
> Xin LI wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi,
>>
>> Ok, some local users has prodded me in committing the "skeleton jail"
>
> [snip]
>
> Can you describe how this differs from the functionality provided by the
> ezjail port? (/usr/ports/sysutils/ezjail/)

I think they have different targets.  Skeleton jail is more lightweight
which is only very few lines of changes to the base system (i.e. the aim
is to provide convenient shortcut for common tasks, not to be a complete
solution); the functionality provided by skeleton jail, on the other
hand, could be useful building blocks to ezjail.

Cheers,
- --
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (FreeBSD)

iEYEARECAAYFAkmSS5EACgkQi+vbBBjt66D4NQCfSL6g+UgptFPEAnea7HBjDZU4
/30AnAkF7eJU1/v6gD+irFrdO/aaLZvS
=spnz
-----END PGP SIGNATURE-----

From lstewart at freebsd.org Tue Feb 10 19:56:46 2009
From: lstewart at freebsd.org (Lawrence Stewart)
Date: Tue Feb 10 19:56:58 2009
Subject: [RFC] Skeleton jail (rc.d feature proposal)
In-Reply-To: <499244E6.9030205@delphij.net>
References: <499244E6.9030205@delphij.net>
Message-ID: <499246D4.8020908@freebsd.org>

Xin LI wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> Ok, some local users has prodded me in committing the "skeleton jail"

[snip]

Can you describe how this differs from the functionality provided by the
ezjail port? (/usr/ports/sysutils/ezjail/)

Cheers,
Lawrence

From dfilter at FreeBSD.ORG Wed Feb 11 01:20:06 2009
From: dfilter at FreeBSD.ORG (dfilter service)
Date: Wed Feb 11 01:20:21 2009
Subject: conf/131458: commit references a PR
Message-ID: <200902110920.n1B9K5aW078749@freefall.freebsd.org>

The following reply was made to PR conf/131458; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: conf/131458: commit references a PR
Date: Wed, 11 Feb 2009 09:18:20 +0000 (UTC)

Author: mtm
Date: Wed Feb 11 09:18:09 2009
New Revision: 188478
URL: http://svn.freebsd.org/changeset/base/188478

Log:
  Reword informational message by rc.d/defaultroute.

  PR: conf/131458

Modified:
  head/etc/rc.d/defaultroute

Modified: head/etc/rc.d/defaultroute ============================================================================== --- head/etc/rc.d/defaultroute Wed Feb 11 07:50:07 2009 (r188477) +++ head/etc/rc.d/defaultroute Wed Feb 11 09:18:09 2009 (r188478) @@ -45,7 +45,7 @@ defaultroute_start() break fi if [ ${delay} -eq ${if_up_delay} ]; then - echo -n "Waiting ${delay}s for an interface to come up: " + echo -n "Waiting ${delay}s for the default route interface: " else echo -n . fi
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"

From mtm at FreeBSD.org Wed Feb 11 01:22:12 2009
From: mtm at FreeBSD.org (mtm@FreeBSD.org)
Date: Wed Feb 11 01:22:19 2009
Subject: conf/131458: [rc] /etc/rc.d/defaultroute produces misleading output
Message-ID: <200902110922.n1B9MBut085674@freefall.freebsd.org>

Synopsis: [rc] /etc/rc.d/defaultroute produces misleading output

State-Changed-From-To: open->closed
State-Changed-By: mtm
State-Changed-When: Wed Feb 11 09:21:05 UTC 2009
State-Changed-Why:
Thanks! Fixed in r188478.

http://www.freebsd.org/cgi/query-pr.cgi?pr=131458

From Alexander at Leidinger.net Wed Feb 11 03:20:41 2009
From: Alexander at Leidinger.net (Alexander Leidinger)
Date: Wed Feb 11 03:20:48 2009
Subject: [RFC] Skeleton jail (rc.d feature proposal)
In-Reply-To: <49924B92.6050307@delphij.net>
References: <499244E6.9030205@delphij.net> <499246D4.8020908@freebsd.org> <49924B92.6050307@delphij.net>
Message-ID: <20090211120226.75402wimhlvv1fk0@webmail.leidinger.net>

Quoting Xin LI (from Tue, 10 Feb 2009 19:52:50 -0800):

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Lawrence Stewart wrote:
>> Xin LI wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hi,
>>>
>>> Ok, some local users has prodded me in committing the "skeleton jail"
>>
>> [snip]
>>
>> Can you describe how this differs from the functionality provided by the
>> ezjail port? (/usr/ports/sysutils/ezjail/)
>
> I think they have different targets.  Skeleton jail is more lightweight
> which is only very few lines of changes to the base system (i.e. the aim
> is to provide convenient shortcut for common tasks, not to be a complete
> solution); the functionality provided by skeleton jail, on the other
> hand, could be useful building blocks to ezjail.

Ezjail already has this skeleton feature. It's used for every jail you
create with ezjail. You can then update this skeleton, and you update
the basesystem of all jails at once. Your solution looks a little bit
more generic, as you can use a different skeleton for each jail.

The make installskel part could be compatible with ezjail, but I'm not
sure if the rc.d part could be used easily by ezjail. Ezjail is
nullfs-mounting (RO) the skeleton into each jail, and it has symlinks
from the normal directory layout to the "/basejail/..." location. It
creates the basejail by doing a full install and then removing some
parts.

Maybe you can have a look at ezjail to see the requirements of it? It's
simple to setup, you just need to specify the path to the location where
you want all jails to be installed to, and then you can install a jail
(it does a buildworld if you do not tell to skip this part, e.g. because
you already did one yourself).

Bye,
Alexander.

--
God said it, I believe it and that's all there is to it.

http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137

From bzeeb-lists at lists.zabbadoz.net Thu Feb 12 05:20:43 2009
From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb)
Date: Thu Feb 12 05:20:50 2009
Subject: [RFC] Skeleton jail (rc.d feature proposal)
In-Reply-To: <499244E6.9030205@delphij.net>
References: <499244E6.9030205@delphij.net>
Message-ID: <20090212122419.Q53478@maildrop.int.zabbadoz.net>

On Tue, 10 Feb 2009, Xin LI wrote:

Hi,

PreS: I added freebsd-jail@ to Cc:.

> Ok, some local users has prodded me in committing the "skeleton jail"
> feature, I find it useful myself but not sure if it's appropriate to
> commit it against -HEAD, so I'd like to explain it, try to present it in
> a better way, and request for comments.

I have seen lots of "skeleton jail" features the last years working
with lots of different parties and I have a private one myself tied
into some other stuff which is even more meagre than most. It's 2
files and 7 lines of sh and that's only because I am lazy.

I have seen everything from sh scripts to install worlds/distribution
for a jail, to the same and then remove stuff, unionfs tries and nullfs
mounts. From mergemaster setups populating worlds for jail from private
trees to restores from master images. Some were really nice, others
were .. improvable.

They all helped the people in their environment but few could use what
the others had done in their environment.

> The rc.d infrastructure would automatically mount the following
> directories from the template (when not specified, /) as read-only:
>
> bin
> lib
> libexec
> sbin
> usr/bin
> usr/include
> usr/lib
> usr/libdata
> usr/libexec
> usr/sbin
> usr/share

I do not have the following two on most/any of my machines:

> usr/src
> usr/obj

The correct way to do this I think would leave rc.d/jail untouched and
(pre-)populate an /etc/fstab. and use that.

Considering that my last commit messages already said that Simon and I
have big worries about all the features in /etc/rc.d/jail and would
rather remove them than keep them and that this is basically two things:

1) pre-seed a jail hierarchy and etc from a source tree
2) mount some nullfs into the jail on start, unmount on stop

(I hope I didn't miss anything else)

I am wondering if this large patch cannot be reduced to a few line sh
script to seed the jail + fstab, not needing to fiddle with base for
that.

    #!/bin/sh
    # $1 is DESTDIR of the jail
    # $2 is the jail name as in rc.conf
    # $3 is the skel root to mount from
    # other arguments are rw nullfs mounts
    # keep the first three arguments before shifting them away
    destdir=$1; name=$2; skel=$3
    shift; shift; shift
    # read-only mounts: the directory list from the RFC quoted above,
    # without usr/src and usr/obj
    ro_dirs="bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share"
    cd /usr/src
    make hierarchy DESTDIR="${destdir}"
    make distribution DESTDIR="${destdir}"
    for d in ${ro_dirs}; do
        echo "${skel}/${d} ${destdir}/${d} nullfs ro 0 0" >> "/etc/fstab.${name}"
    done
    # whatever is left on the command line is mounted read-write
    for d in "$@"; do
        echo "${skel}/${d} ${destdir}/${d} nullfs rw 0 0" >> "/etc/fstab.${name}"
    done
    echo "Add jail_${name}_mount_enable='YES' to /etc/rc.conf"

This is untested and doesn't have error checking etc. I would even put
it in a Makefile instead of doing it in sh. A lot more flexible than
anything in base will ever be.

Just my 5ct.

/bz

--
Bjoern A. Zeeb
The greatest risk is not taking one.

From kamikaze at bsdforen.de Sat Feb 14 14:40:06 2009
From: kamikaze at bsdforen.de (Dominic Fandrey)
Date: Sat Feb 14 14:40:12 2009
Subject: conf/130414: [patch] rc services started with onestart are not stopped upon shutdown
Message-ID: <200902142240.n1EMe4vc025651@freefall.freebsd.org>

The following reply was made to PR conf/130414; it has been noted by GNATS.

From: Dominic Fandrey
To: bug-followup@FreeBSD.org, kamikaze@bsdforen.de
Cc:
Subject: Re: conf/130414: [patch] rc services started with onestart are not stopped upon shutdown
Date: Sat, 14 Feb 2009 23:34:38 +0100

I've been using that for a month, now and it solves more problems for me
than I actually had in mind without causing any problems.

I really want to see this committed. Is there any reason not to do so?

From bugmaster at FreeBSD.org Mon Feb 16 03:07:00 2009
From: bugmaster at FreeBSD.org (FreeBSD bugmaster)
Date: Mon Feb 16 03:09:03 2009
Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org
Message-ID: <200902161106.n1GB6vXu096247@freefall.freebsd.org>

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/130414  rc         [patch] rc services started with onestart are not stop
o conf/128299  rc         [patch] /etc/rc.d/geli does not mount partitions using
o conf/127917  rc         [patch] dumpon rejects on start with physmem>swap even
o bin/126562   rc         rcorder(8) fails to run unrelated startup scripts when
o conf/126392  rc         [patch] rc.conf ifconfig_xx keywords cannot be escaped
o bin/126324   rc         [patch] rc.d/tmp: Prevent mounting /tmp in second tim
o conf/124747  rc         [patch] savecore can't create dump from encrypted swap
o conf/124248  rc         [patch] add support for nice value for rc.d/jail + rc.
o conf/123734  rc         [patch] Chipset VIA CX700 requires extra initializatio
o conf/123222  rc         [patch] Add rtprio(1)/idprio(1) support to rc.subr(8).
o conf/122477  rc         [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122170  rc         [patch] [request] New feature: notify admin via page o
o conf/122036  rc         [rc.d]: Mounting at boot with ZFS causes a halt in boo
o kern/121566  rc         [nfs] [request] [patch] ethernet iface should be broug
o conf/120431  rc         [patch] devfs.rules are not initialized under certain
o conf/120406  rc         [devd] [patch] Handle newly attached pcm devices (eg.
o conf/120228  rc         [zfs] [patch] Split ZFS volume startup / ease ZFS swap
o conf/120194  rc         [patch] UFS volumes on ZVOLs cannot be fsck'd at boot
o conf/119874  rc         [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/119076  rc         [patch] [rc.d] /etc/rc.d/netif tries to remove alias a
o bin/118325   rc         [patch] [request] new periodic script to test statuses
o conf/118255  rc         savecore never finding kernel core dumps (rcorder prob
o conf/117935  rc         [patch] ppp fails to start at boot because of missing
o conf/113915  rc         [patch] ndis wireless driver fails to associate when i
o conf/109980  rc         /etc/rc.d/netif restart doesn't destroy cloned_interfa
o conf/109562  rc         [rc.d] [patch] [request] Make rc.d/devfs usable from c
o conf/106009  rc         [ppp] [patch] [request] Fix pppoed startup script to p
o conf/105689  rc         [ppp] [request] syslogd starts too late at boot
o conf/105568  rc         [patch] [request] Add more flexibility to rc.conf, to
o conf/105145  rc         [ppp] [patch] [request] add redial function to rc.d/pp
o conf/104549  rc         [patch] rc.d/nfsd needs special _find_processes functi
o conf/102700  rc         [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/99721   rc         [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/99444   rc         [patch] Enhancement: rc.subr could easily support star
o conf/96343   rc         [patch] rc.d order change to start inet6 before pf
o conf/93815   rc         [patch] Adds in the ability to save ipfw rules to rc.d
o conf/92523   rc         [patch] allow rc scripts to kill process after a timeo
o conf/89870   rc         [patch] [request] make netif verbose rc.conf toggle
o conf/89061   rc         [patch] IPv6 6to4 auto-configuration enhancement
o conf/88913   rc         [patch] wrapper support for rc.subr
o conf/85819   rc         [patch] script allowing multiuser mode in spite of fsc
o kern/81006   rc         ipnat not working with tunnel interfaces on startup
o conf/77663   rc         Suggestion: add /etc/rc.d/addnetswap after addcritremo
o conf/73677   rc         [patch] add support for powernow states to power_profi
o conf/58939   rc         [patch] dumb little hack for /etc/rc.firewall{,6}
o conf/56934   rc         [patch] rc.firewall rules for natd expect an interface
o conf/45226   rc         [patch] Fix for rc.network, ppp-user annoyance
o conf/44170   rc         [patch] Add ability to run multiple pppoed(8) on start

48 problems total.

From ota at j.email.ne.jp Mon Feb 16 20:30:06 2009
From: ota at j.email.ne.jp (Yoshihiro Ota)
Date: Mon Feb 16 20:30:13 2009
Subject: conf/128299: [patch] /etc/rc.d/geli does not mount partitions using both journal and eli
Message-ID: <200902170430.n1H4U5Dx089636@freefall.freebsd.org>

The following reply was made to PR conf/128299; it has been noted by GNATS.

From: Yoshihiro Ota
To: bug-followup@FreeBSD.org, mb@tns.cz
Cc:
Subject: Re: conf/128299: [patch] /etc/rc.d/geli does not mount partitions using both journal and eli
Date: Mon, 16 Feb 2009 23:22:43 -0500

Hi, Martin.

I think a patch at http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/120091 fixes your problem, too.

Do you mind if you try and report it?

Thanks,
Hiro

From mb at tns.cz Tue Feb 17 01:10:03 2009
From: mb at tns.cz (Martin Beran)
Date: Tue Feb 17 01:10:10 2009
Subject: conf/128299: [patch] /etc/rc.d/geli does not mount partitions using both journal and eli
Message-ID: <200902170910.n1H9A2jK037868@freefall.freebsd.org>

The following reply was made to PR conf/128299; it has been noted by GNATS.
From: Martin Beran
To: bug-followup@FreeBSD.org, Yoshihiro Ota
Cc:
Subject: Re: conf/128299: [patch] /etc/rc.d/geli does not mount partitions using both journal and eli
Date: Tue, 17 Feb 2009 09:50:13 +0100

On Mon, Feb 16, 2009 at 11:22:43PM -0500, Yoshihiro Ota wrote:

Hi, Hiro,

> I think a patch at http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/120091
> fixes your problem, too.
>
> Do you mind if you try and report it?

I tried the patch. It solves the second half of the problem - mounting a DEVICE.eli.journal. But for successful mount of both DEVICE.eli.journal and DEVICE.journal.eli, I still need my patch for /etc/rc.d/geli and /etc/rc.d/geli2. Otherwise, I get:

eval: ${geli_ad0s2d....}: Bad substitution

Running "sh -x /etc/rc.d/geli start" reveals the reason for this error:

...
+ geli_expand_entry /dev/ad0s2d.journal.eli
+ local devices3
+ local entry dev tail
+ tail=/dev/ad0s2d.journal.eli
+ true
+ dev=/dev/ad0s2d.journal.eli
+ devices3= /dev/ad0s2d.journal.eli
+ tail=
+ break
+ dev=
+ echo /dev/ad0s2d.journal.eli
+ devices=/dev/ad0s2d.journal.eli
+ provider=/dev/ad0s2d.journal
+ provider=ad0s2d.journal
+ devices2= ad0s2d.journal
+ echo ad0s2d.journal
+ devices=ad0s2d.journal
+ [ -z ]
+ [ -n ]
+ /sbin/sysctl -n kern.geom.eli.tries
+ geli_tries=3
+ ltr ad0s2d.journal / _
+ local _str _src _dst _out _com
+ _str=ad0s2d.journal
+ _src=/
+ _dst=_
+ _out=
+ IFS=/
+ [ -z ]
+ _out=ad0s2d.journal
+ echo ad0s2d.journal
+ provider_=ad0s2d.journal
+ eval flags=${geli_ad0s2d.journal_flags}
eval: ${geli_ad0s2d....}: Bad substitution

--
Martin Beran

From delphij at delphij.net Thu Feb 19 17:16:31 2009
From: delphij at delphij.net (Xin LI)
Date: Thu Feb 19 17:16:50 2009
Subject: [RFC] Skeleton jail (rc.d feature proposal)
In-Reply-To: <20090212122419.Q53478@maildrop.int.zabbadoz.net>
References: <499244E6.9030205@delphij.net> <20090212122419.Q53478@maildrop.int.zabbadoz.net>
Message-ID: <499E0463.2070608@delphij.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Bjoern,

Bjoern A. Zeeb wrote:
[...]
> I do not have the following two on most/any of my machines:
>
>> usr/src
>> usr/obj

I agree.

> The correct way to do this I think would leave rc.d/jail untouched and
> (pre-)populate an /etc/fstab. and use that.

I do not think this is a very good approach for this use case.

Making it an rc.conf option, enables the following tasks as a one-liner
change:
 - Enabling/Disabling skeleton jail (how will the system perform if I
have the template directories read-only?);
 - Switching template root (what will happen if switch from 7.1 userland
to 7.2 userland?);
 - Change mount points within all jails.

I do admit that all these can be done with scripts though.

Cheers,
- --
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (FreeBSD)

iEYEARECAAYFAkmeBGIACgkQi+vbBBjt66A4GgCgsBo4b6PNTVDX3/3SCyv/ezXI
6+wAn2KZFdazhFjyyf0RPFHP6+8YpyPS
=rHFi
-----END PGP SIGNATURE-----

From quakelee at geekcn.org Thu Feb 19 18:20:11 2009
From: quakelee at geekcn.org (Chao Shin)
Date: Thu Feb 19 18:20:24 2009
Subject: [RFC] Skeleton jail (rc.d feature proposal)
In-Reply-To: <499E0463.2070608@delphij.net>
References: <499244E6.9030205@delphij.net> <20090212122419.Q53478@maildrop.int.zabbadoz.net> <499E0463.2070608@delphij.net>
Message-ID:

On Fri, 20 Feb 2009 09:16:19 +0800, Xin LI wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi, Bjoern,
>
> Bjoern A. Zeeb wrote:
> [...]
>> I do not have the following two on most/any of my machines:
>>
>>> usr/src
>>> usr/obj
>
> I agree.
>
>> The correct way to do this I think would leave rc.d/jail untouched and
>> (pre-)populate an /etc/fstab. and use that.
>
> I do not think this is a very good approach for this use case.
>
> Making it an rc.conf option, enables the following tasks as a one-liner
> change:
> - Enabling/Disabling skeleton jail (how will the system perform if I
> have the template directories read-only?);
> - Switching template root (what will happen if switch from 7.1 userland
> to 7.2 userland?);
> - Change mount points within all jails.
>
> I do admit that all these can be done with scripts though.
>
> Cheers,
> - --
> Xin LI http://www.delphij.net/
> FreeBSD - The Power to Serve!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.10 (FreeBSD)
>
> iEYEARECAAYFAkmeBGIACgkQi+vbBBjt66A4GgCgsBo4b6PNTVDX3/3SCyv/ezXI
> 6+wAn2KZFdazhFjyyf0RPFHP6+8YpyPS
> =rHFi
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to
> "freebsd-current-unsubscribe@freebsd.org"

I think I like Li Xin's way. I have set a jail host in my company with Li Xin's patch, it didn't change the usage of original jail system, just add a make target in /usr/src/Makefile, I can use skeleton jail and original jail in one jail host.
They have not much difference in rc.conf, if want skeleton, I just add two options with normal settings. It is compatible way with original design.

quakelee
--
The Power to Serve

From simon at FreeBSD.org Fri Feb 20 11:23:16 2009
From: simon at FreeBSD.org (Simon L. Nielsen)
Date: Fri Feb 20 11:26:48 2009
Subject: [RFC] Skeleton jail (rc.d feature proposal)
In-Reply-To: <499244E6.9030205@delphij.net>
References: <499244E6.9030205@delphij.net>
Message-ID: <20090220192312.GD1064@arthur.nitro.dk>

On 2009.02.10 19:24:22 -0800, Xin LI wrote:

> Ok, some local users has prodded me in committing the "skeleton jail"
> feature, I find it useful myself but not sure if it's appropriate to
> commit it against -HEAD, so I'd like to explain it, try to present it in

This complicates an already complicated etc/rc.d/jail script so I think this is a very bad idea. rc.d/jail is already interesting enough security wise as it is IMO.

If anyone wants this very much I think it should be done in an "external" (to etc/rc.d/jail) jail management system/script. Personally I have been very happy with ezjail, and I think having a script like that "externally" is a much better way to go. If that means importing ezjail or making something like it I don't know.

--
Simon L. Nielsen

From bugmaster at FreeBSD.org Mon Feb 23 03:07:00 2009
From: bugmaster at FreeBSD.org (FreeBSD bugmaster)
Date: Mon Feb 23 03:09:26 2009
Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org
Message-ID: <200902231106.n1NB6wnh055626@freefall.freebsd.org>

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/130414  rc         [patch] rc services started with onestart are not stop
o conf/128299  rc         [patch] /etc/rc.d/geli does not mount partitions using
o conf/127917  rc         [patch] dumpon rejects on start with physmem>swap even
o bin/126562   rc         rcorder(8) fails to run unrelated startup scripts when
o conf/126392  rc         [patch] rc.conf ifconfig_xx keywords cannot be escaped
o bin/126324   rc         [patch] rc.d/tmp: Prevent mounting /tmp in second tim
o conf/124747  rc         [patch] savecore can't create dump from encrypted swap
o conf/124248  rc         [patch] add support for nice value for rc.d/jail + rc.
o conf/123734  rc         [patch] Chipset VIA CX700 requires extra initializatio
o conf/123222  rc         [patch] Add rtprio(1)/idprio(1) support to rc.subr(8).
o conf/122477  rc         [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122170  rc         [patch] [request] New feature: notify admin via page o
o conf/122036  rc         [rc.d]: Mounting at boot with ZFS causes a halt in boo
o kern/121566  rc         [nfs] [request] [patch] ethernet iface should be broug
o conf/120431  rc         [patch] devfs.rules are not initialized under certain
o conf/120406  rc         [devd] [patch] Handle newly attached pcm devices (eg.
o conf/120228  rc         [zfs] [patch] Split ZFS volume startup / ease ZFS swap
o conf/120194  rc         [patch] UFS volumes on ZVOLs cannot be fsck'd at boot
o conf/119874  rc         [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/119076  rc         [patch] [rc.d] /etc/rc.d/netif tries to remove alias a
o bin/118325   rc         [patch] [request] new periodic script to test statuses
o conf/118255  rc         savecore never finding kernel core dumps (rcorder prob
o conf/117935  rc         [patch] ppp fails to start at boot because of missing
o conf/113915  rc         [patch] ndis wireless driver fails to associate when i
o conf/109980  rc         /etc/rc.d/netif restart doesn't destroy cloned_interfa
o conf/109562  rc         [rc.d] [patch] [request] Make rc.d/devfs usable from c
o conf/106009  rc         [ppp] [patch] [request] Fix pppoed startup script to p
o conf/105689  rc         [ppp] [request] syslogd starts too late at boot
o conf/105568  rc         [patch] [request] Add more flexibility to rc.conf, to
o conf/105145  rc         [ppp] [patch] [request] add redial function to rc.d/pp
o conf/104549  rc         [patch] rc.d/nfsd needs special _find_processes functi
o conf/102700  rc         [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/99721   rc         [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/99444   rc         [patch] Enhancement: rc.subr could easily support star
o conf/96343   rc         [patch] rc.d order change to start inet6 before pf
o conf/93815   rc         [patch] Adds in the ability to save ipfw rules to rc.d
o conf/92523   rc         [patch] allow rc scripts to kill process after a timeo
o conf/89870   rc         [patch] [request] make netif verbose rc.conf toggle
o conf/89061   rc         [patch] IPv6 6to4 auto-configuration enhancement
o conf/88913   rc         [patch] wrapper support for rc.subr
o conf/85819   rc         [patch] script allowing multiuser mode in spite of fsc
o kern/81006   rc         ipnat not working with tunnel interfaces on startup
o conf/77663   rc         Suggestion: add /etc/rc.d/addnetswap after addcritremo
o conf/73677   rc         [patch] add support for powernow states to power_profi
o conf/58939   rc         [patch] dumb little hack for /etc/rc.firewall{,6}
o conf/56934   rc         [patch] rc.firewall rules for natd expect an interface
o conf/45226   rc         [patch] Fix for rc.network, ppp-user annoyance
o conf/44170   rc         [patch] Add ability to run multiple pppoed(8) on start

48 problems total.

From ota at j.email.ne.jp Wed Feb 25 18:40:03 2009
From: ota at j.email.ne.jp (Yoshihiro Ota)
Date: Wed Feb 25 18:40:09 2009
Subject: conf/128299: [patch] /etc/rc.d/geli does not mount partitions using both journal and eli
Message-ID: <200902260240.n1Q2e26p023831@freefall.freebsd.org>

The following reply was made to PR conf/128299; it has been noted by GNATS.

From: Yoshihiro Ota
To: bug-followup@FreeBSD.org
Cc: mb@tns.cz
Subject: Re: conf/128299: [patch] /etc/rc.d/geli does not mount partitions using both journal and eli
Date: Wed, 25 Feb 2009 21:31:03 -0500

I see it now. I forgot how I tested it but it seems I only tested "geli_expand_entry" function. I remember that it extracted multiple occurrences of .eli's in a single path. I think I only tested .eli.journal really would get mounted as I didn't have any devices to test with.

By the way, I don't think DEVICE.journal.eli will be helpful. Journaling needs to be fs-aware. It logs the records of file system updates. However, if you put GEOM eli on top of it, DEVICE.journal only sees encrypted block and as a result, journaling is effectively disabled. In other words, it needs to be the last GEOM layer.

Is that right?

Regards,
Hiro
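
The "Bad substitution" failure in the `sh -x` trace posted to PR conf/128299 above, reproduced as an added example; this is not code from the PR, from its patch, or from /etc/rc.d/geli. The helper names (`naive_name`, `geli_safe_name`, `try_lookup`, `geli_lookup_flags`) and the sample flags value are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added illustration; helper names and the sample flags value are constructed
# here and are not taken from /etc/rc.d/geli or from the PR's patch.
LC_ALL=C; export LC_ALL

# Stand-in for the "ltr ad0s2d.journal / _" step in the trace: only '/'
# is translated, so the '.' of a stacked provider name survives.
naive_name() {
    printf '%s' "$1" | tr '/' '_'
}

# Map every character that cannot appear in a shell variable name to '_'.
geli_safe_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9_' '_'
}

# Succeeds only if ${geli_<fragment>_flags} is an expansion sh accepts.
# The subshell contains the otherwise fatal "Bad substitution" error.
try_lookup() {
    ( eval "flags=\${geli_${1}_flags}" ) 2>/dev/null
}

# Print the value of geli_<provider>_flags, using the sanitized name and
# refusing to eval anything that is still not a plain identifier.
geli_lookup_flags() {
    _var="geli_$(geli_safe_name "$1")_flags"
    case "$_var" in
        *[!A-Za-z0-9_]*) return 1 ;;
    esac
    eval "printf '%s' \"\${$_var}\""
}

# Constructed rc.conf-style setting for the provider seen in the trace.
geli_ad0s2d_journal_flags='-p -k /root/ad0s2d.key'

prov=ad0s2d.journal
if try_lookup "$(naive_name "$prov")"; then
    echo "naive name: expansion accepted"
else
    echo "naive name: Bad substitution, as in the trace"
fi
echo "sanitized lookup: $(geli_lookup_flags "$prov")"
```

The identifier check before `eval` matters beyond this bug: provider names come from configuration, and only names made of letters, digits and underscores should ever reach an `eval`.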