Message-Id: <201306020047.r520lJHD022446@oldred.FreeBSD.org>
Date: Sun, 2 Jun 2013 00:47:19 GMT
From: Joe Barbish
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/179184: [Maintainer update] sysutils/qjail rewrite using jail(8) type jails

>Number: 179184
>Category: ports
>Synopsis: [Maintainer update] sysutils/qjail rewrite using jail(8) type jails
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sun Jun 02 00:50:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Joe Barbish
>Release: 9.1-RELEASE i386
>Organization: none
>Environment:
>Description:
qjail-3.0 has been rewritten to use jail(8) type jail definition parameters with extended parameter options for per jail securelevel, cpuset.id, exec.fib, allow.raw_sockets, allow.quotas, allow.mount.nullfs, allow.mount.zfs, vnet.interface, and vnet. vnet/vimage jails with or without ipfw firewall and if_bridge/epair or netgraph networks.

NOTE to committer: qjail-3.0 is NOT a replacement for qjail-2.2 which is currently in the ports system. qjail-2.2 is the last version to support the 8.x distribution file format. qjail-2.2 must remain in the ports system until the "end of life" of the 8.x series of releases. qjail-3.0 only supports the 9.0 distribution file format and the new jail(8) jail type. Please place qjail-3.0 alongside the current qjail-2.2 version so both exist at the same time in the ports system.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:

diff -ruN qjail-2.2/Makefile qjail/Makefile --- qjail-2.2/Makefile 2013-04-26 14:21:32.000000000 -0400 +++ qjail/Makefile 2013-05-28 13:19:47.000000000 -0400 
@@ -2,7 +2,7 @@ # $FreeBSD: sysutils/qjail/Makefile 314731 2013-03-20 13:17:23Z bdrewery $ PORTNAME= qjail -PORTVERSION= 2.2 +PORTVERSION= 3.0 CATEGORIES= sysutils MASTER_SITES= SF/${PORTNAME} @@ -12,7 +12,7 @@ USE_BZIP2= yes NO_BUILD= yes -MAN8= qjail.8 qjail-intro.8 qjail.conf.8 qjail-howto.8 +MAN8= qjail.8 qjail-intro.8 qjail-howto.8 post-patch: @${FIND} ${WRKSRC} -type f | ${XARGS} ${REINPLACE_CMD} \ @@ -21,11 +21,11 @@ do-install: @${INSTALL_SCRIPT} ${WRKSRC}/qjail ${PREFIX}/bin - @${INSTALL_SCRIPT} ${WRKSRC}/qjail2 ${PREFIX}/etc/rc.d - @${INSTALL_SCRIPT} ${WRKSRC}/qjail-jail2 ${PREFIX}/etc/rc.d - @${INSTALL_DATA} ${WRKSRC}/qjail.conf.sample ${PREFIX}/etc + @${INSTALL_SCRIPT} ${WRKSRC}/qjail.vnet.be ${PREFIX}/bin + @${INSTALL_SCRIPT} ${WRKSRC}/qjail.vnet.ng ${PREFIX}/bin + @${INSTALL_SCRIPT} ${WRKSRC}/qjail.bootime ${PREFIX}/etc/rc.d @${INSTALL_DATA} ${WRKSRC}/qjail.portsnap.conf ${PREFIX}/etc -.for i in qjail qjail-intro qjail.conf qjail-howto +.for i in qjail qjail-intro qjail-howto @${INSTALL_MAN} ${WRKSRC}/${i}.8 ${MAN8PREFIX}/man/man8 .endfor # note examples are mandatory. qjail will not function without them diff -ruN qjail-2.2/distinfo qjail/distinfo --- qjail-2.2/distinfo 2013-04-26 14:24:21.000000000 -0400 +++ qjail/distinfo 2013-05-31 08:49:18.000000000 -0400 @@ -1,2 +1,2 @@ -SHA256 (qjail-2.2.tar.bz2) = ae7b64b3ecfa2b3db5880e3e7e38fc5e6f4ad8e51353d4343e37ef4c0dab1912 -SIZE (qjail-2.2.tar.bz2) = 56888 +SHA256 (qjail-3.0.tar.bz2) = 73a086651c8ee0ecaf2e22ba2951567250abac562d09284f80a78001eb6d8b3f +SIZE (qjail-3.0.tar.bz2) = 119727 diff -ruN qjail-2.2/pkg-descr qjail/pkg-descr --- qjail-2.2/pkg-descr 2013-04-26 13:09:21.000000000 -0400 +++ qjail/pkg-descr 2013-04-26 12:56:49.000000000 -0400 
@@ -1,13 +1,20 @@ -This is the last version that handles both the 8.x and 9.x install -media formats. - Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail system that includes security and performance enhancements. Plus a new level of "user friendliness" enhancements dealing with deploying just a few jails or large jail environments consisting of 100's of jails. +This verison of qjail has been converted from using the legacy rc.d-method as +used in all pervious versions of qjail, to using the jail(8) jail.conf-method +available in RELEASE-9.1. This upgrade provides the ability to enable the +following new options on a per-jail basis. exec.fib, allow.raw_sockets, +allow.quotas, allow.mount.nullfs, allow.mount.zfs, cpuset.id, securelevel, +vnet.interface, and vnet. The vnet option gives a jail its own network stack +using the experamental vimage software. This qjail version is not functional +for RELEASES older than RELEASE-9.1. The vnet option has only been tested on +i386 and amd64 equipment. + Qjail requires no knowledge of the jail command usage. It uses "nullfs" for -read-only system binaries, sharing one copy of them with all the jails. +read-only system executables, sharing one copy of them with all the jails. Uses "mdconfig" to create sparse image jails. Sparse image jails provide a method to limit the total disk space a jail can consume, while only occupying diff -ruN qjail-2.2/pkg-plist qjail/pkg-plist --- qjail-2.2/pkg-plist 2013-04-26 13:01:01.000000000 -0400 +++ qjail/pkg-plist 2013-05-28 13:22:40.000000000 -0400 
@@ -1,17 +1,23 @@ bin/qjail -etc/qjail.conf.sample +bin/qjail.vnet.be +bin/qjail.vnet.ng etc/qjail.portsnap.conf -etc/rc.d/qjail-jail2 -etc/rc.d/qjail2 +etc/rc.d/qjail.bootime +%%EXAMPLESDIR%%/vnet/jail.amd64 +%%EXAMPLESDIR%%/vnet/jail.i386 +%%EXAMPLESDIR%%/vnet/nullfs.diff +%%EXAMPLESDIR%%/vnet/ipfw.rules.host +%%EXAMPLESDIR%%/vnet/ipfw.rules.vnet +%%EXAMPLESDIR%%/vnet/ipf.rules.host +%%EXAMPLESDIR%%/vnet/ipf.rules.vnet +%%EXAMPLESDIR%%/vnet/pf.rules.host +%%EXAMPLESDIR%%/vnet/pf.rules.vnet %%EXAMPLESDIR%%/default/etc/make.conf %%EXAMPLESDIR%%/default/etc/motd %%EXAMPLESDIR%%/default/etc/periodic.conf %%EXAMPLESDIR%%/default/etc/rc.conf %%EXAMPLESDIR%%/default/root/.cshrc %%EXAMPLESDIR%%/default/usr/local/etc/sudoers -%%EXAMPLESDIR%%/nullmailer-example/etc/mail/mailer.conf -%%EXAMPLESDIR%%/nullmailer-example/etc/rc.conf -%%EXAMPLESDIR%%/nullmailer-example/usr/local/etc/nullmailer/remotes %%EXAMPLESDIR%%/ssh-default/etc/group %%EXAMPLESDIR%%/ssh-default/etc/make.conf %%EXAMPLESDIR%%/ssh-default/etc/master.passwd @@ -32,6 +38,12 @@ %%EXAMPLESDIR%%/ssh-default/usr/home/qjail/.rhosts %%EXAMPLESDIR%%/ssh-default/usr/home/qjail/.shrc %%EXAMPLESDIR%%/ssh-default/usr/local/etc/sudoers +@dirrm %%EXAMPLESDIR%%/default/usr/local/etc +@dirrm %%EXAMPLESDIR%%/default/usr/local +@dirrm %%EXAMPLESDIR%%/default/usr +@dirrm %%EXAMPLESDIR%%/default/root +@dirrm %%EXAMPLESDIR%%/default/etc +@dirrm %%EXAMPLESDIR%%/default @dirrm %%EXAMPLESDIR%%/ssh-default/usr/home/qjail @dirrm %%EXAMPLESDIR%%/ssh-default/usr/home @dirrm %%EXAMPLESDIR%%/ssh-default/usr/local/etc 
@@ -41,17 +53,5 @@ @dirrm %%EXAMPLESDIR%%/ssh-default/etc/ssh @dirrm %%EXAMPLESDIR%%/ssh-default/etc @dirrm %%EXAMPLESDIR%%/ssh-default -@dirrm %%EXAMPLESDIR%%/nullmailer-example/usr/local/etc/nullmailer -@dirrm %%EXAMPLESDIR%%/nullmailer-example/usr/local/etc -@dirrm %%EXAMPLESDIR%%/nullmailer-example/usr/local -@dirrm %%EXAMPLESDIR%%/nullmailer-example/usr -@dirrm %%EXAMPLESDIR%%/nullmailer-example/etc/mail -@dirrm %%EXAMPLESDIR%%/nullmailer-example/etc -@dirrm %%EXAMPLESDIR%%/nullmailer-example -@dirrm %%EXAMPLESDIR%%/default/usr/local/etc -@dirrm %%EXAMPLESDIR%%/default/usr/local -@dirrm %%EXAMPLESDIR%%/default/usr -@dirrm %%EXAMPLESDIR%%/default/root -@dirrm %%EXAMPLESDIR%%/default/etc -@dirrm %%EXAMPLESDIR%%/default +@dirrm %%EXAMPLESDIR%%/vnet @dirrm %%EXAMPLESDIR%% >Release-Note: >Audit-Trail: >Unformatted:
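
Review bot: PORTNAME= qjail is left unchanged in the first Makefile hunk while PORTVERSION goes from 2.2 to 3.0, so the patch upgrades sysutils/qjail in place, which is the opposite of the submitter's request that 2.2 stay in the tree next to 3.0. Both versions install bin/qjail and the qjail.8, qjail-intro.8 and qjail-howto.8 man pages, so two coexisting ports would need separate port directories, distinct package names and a CONFLICTS entry in each. The patch should be redone as a new port directory rather than as a diff against qjail-2.2/.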
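
Review bot: nothing in the Makefile hunks enforces the minimum release that the new pkg-descr text states ("not functional for RELEASES older than RELEASE-9.1"). As submitted, a build on 8.x or 9.0 would install bin/qjail and etc/rc.d/qjail.bootime without any warning that they cannot work there. Suggest an OSVERSION test in the Makefile that sets IGNORE with a message pointing those users to the 2.2 port.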
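
Review bot: in the Makefile do-install hunk, the context line "# note examples are mandatory. qjail will not function without them" is followed by install code that the patch does not show or change, while pkg-plist gains nine files under %%EXAMPLESDIR%%/vnet and loses the three nullmailer-example files and their @dirrm lines. Please confirm that the unchanged examples install step actually copies the new vnet directory and no longer copies nullmailer-example, otherwise the plist and the installed tree will disagree and deinstall will leave files behind.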
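
Review bot: the distinfo hunk replaces both SHA256 and SIZE, and the distfile roughly doubles in size (56888 to 119727 bytes), so the committer should confirm these values from an independent fetch of qjail-3.0.tar.bz2 from the SF/${PORTNAME} master site rather than taking them from the PR. Running make makesum against an empty distfiles directory and comparing the result with the two + lines is enough; distinfo is the check the port applies to the downloaded tarball, so it should not be committed unverified.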
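
Review bot: the paragraph added in the pkg-descr hunk has three spelling errors: "verison" (version), "pervious" (previous) and "experamental" (experimental). "RELEASE-9.1" is also conventionally written 9.1-RELEASE, which is the form used in the >Release: field of this PR.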