From owner-freebsd-jail@FreeBSD.ORG Fri Jan 16 00:00:14 2015
From: Maciej Pasternacki
To: freebsd-jail@freebsd.org
Subject: [ANN] Jetpack - jail/zfs based container runtime prototype
Date: Thu, 15 Jan 2015 23:36:42 +0000 (UTC)

Hello,

I have just published Jetpack: prototype implementation of a container runtime
(in a CoreOS Rocket or Docker style), based on the App Container Specification
from CoreOS, built on FreeBSD jails and ZFS. It is an incomplete prototype, but
the basic functionality is there, and I would appreciate any feedback or input
on the project.

The code is available at https://github.com/3ofcoins/jetpack

Have fun with it!

-- Maciej

From owner-freebsd-jail@FreeBSD.ORG Fri Jan 16 00:56:47 2015
From: Peter Toth
To: Maciej Pasternacki
Subject: Re: [ANN] Jetpack - jail/zfs based container runtime prototype
Date: Fri, 16 Jan 2015 13:56:45 +1300
Cc: freebsd-jail@freebsd.org

Hi Maciej,

Interesting work! Done something similar with ZFS and Jails
https://github.com/pannon/iocage - originated before the Docker age.

FreeBSD jails have a lot of potential and are far more mature than any of
the Linux alternatives. Seems that you are catering for Linux as well in
the Jail :)

Keep up the good work!

Cheers
Peter

On Fri, Jan 16, 2015 at 12:36 PM, Maciej Pasternacki wrote:
> Hello,
>
> I have just published Jetpack: prototype implementation of a container
> runtime (in a CoreOS Rocket or Docker style), based on the App Container
> Specification from CoreOS, built on FreeBSD jails and ZFS. It is an
> incomplete prototype, but the basic functionality is there, and I would
> appreciate any feedback or input on the project.
>
> The code is available at https://github.com/3ofcoins/jetpack

From owner-freebsd-jail@FreeBSD.ORG Sat Jan 17 18:04:03 2015
From: javocado
To: freebsd-jail@freebsd.org
Subject: Jail in zfs filesystem: non-root user has no access
Date: Sat, 17 Jan 2015 10:04:01 -0800

System: FreeBSD 8.4 amd

We have a jail in a zfs filesystem with the following create properties:

zpool create -O devices=off -O atime=off -O setuid=off -O exec=off -O compression=on ...

zfs create -o devices=off -o atime=off -o setuid=off -o compression=on -o ...

Everything works and runs fine, but when we try to do anything as a
non-root user we run into issues:

ssh user@x.x.x.x
Password:
Last login: Thu Jan 15 16:40:14 2015 from 209.242.167.133
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

Could not chdir to home directory /home/user: Permission denied
/bin/csh: Permission denied
Connection to x.x.x.x closed.

----------------

[root @ xxxxx] /# su user
su: /bin/sh: Permission denied

----------------

Permissions on the dir are fine:

# ll
1 lrwxr-xr-x 1 root wheel 8 Jan 11 2012 home@ -> usr/home
...

# ll usr
24 drwxr-xr-x 17 root wheel 17 Jan 11 2012 ./
24 drwx------ 18 root wheel 23 Jan 11 2012 ../
...

# ll usr/home
24 drwxr-xr-x 3 root wheel 3 Jan 11 2012 ./
24 drwxr-xr-x 17 root wheel 17 Jan 11 2012 ../
24 drwxr-xr-x 2 user user 10 Jan 11 2012 user/

My suspicion is it has to do with the setuid=off or exec=off on the pool,
since these settings set to "=on" on the zfs device itself have no impact.
But, before I tinker with the pool...which I'm not prepared to do for other
security-related reasons, I wanted to confirm what may be causing this.

Thanks!
From owner-freebsd-jail@FreeBSD.ORG Sat Jan 17 18:08:32 2015
From: Jason Hellenthal
To: javocado
Cc: freebsd-jail@freebsd.org
Subject: Re: Jail in zfs filesystem: non-root user has no access
Date: Sat, 17 Jan 2015 12:08:29 -0600

Can you jexec into the jail as that user ?

-- 
Jason Hellenthal
Mobile: +1 (616) 953-0176
jhellenthal@DataIX.net
JJH48-ARIN

On Jan 17, 2015, at 12:04, javocado wrote:

> System: FreeBSD 8.4 amd
>
> We have a jail in a zfs filesystem with the following create properties:
>
> zpool create -O devices=off -O atime=off -O setuid=off -O exec=off -O compression=on ...
>
> zfs create -o devices=off -o atime=off -o setuid=off -o compression=on -o ...
>
> Everything works and runs fine, but when we try to do anything as a
> non-root user we run into issues:
>
> ssh user@x.x.x.x
> Password:
> Last login: Thu Jan 15 16:40:14 2015 from 209.242.167.133
> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
>         The Regents of the University of California.  All rights reserved.
>
> Could not chdir to home directory /home/user: Permission denied
> /bin/csh: Permission denied
> Connection to x.x.x.x closed.
>
> ----------------
>
> [root @ xxxxx] /# su user
> su: /bin/sh: Permission denied
From owner-freebsd-jail@FreeBSD.ORG Sat Jan 17 18:24:48 2015
From: Allan Jude
To: freebsd-jail@freebsd.org
Subject: Re: Jail in zfs filesystem: non-root user has no access
Date: Sat, 17 Jan 2015 13:25:10 -0500
Message-ID: <54BAA906.8080208@freebsd.org>

On 2015-01-17 13:04, javocado wrote:
> System: FreeBSD 8.4 amd
>
> We have a jail in a zfs filesystem with the following create properties:
>
> zpool create -O devices=off -O atime=off -O setuid=off -O exec=off -O
> compression=on ...
>
> zfs create -o devices=off -o atime=off -o setuid=off -o compression=on -o
> ...
>
> Everything works and runs fine, but when we try to do anything as a
> non-root user we run into issues:
>
> ssh user@x.x.x.x
> Password:
> Last login: Thu Jan 15 16:40:14 2015 from 209.242.167.133
> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
>         The Regents of the University of California.  All rights reserved.
>
> Could not chdir to home directory /home/user: Permission denied
> /bin/csh: Permission denied
> Connection to x.x.x.x closed.
>
> ----------------
>
> [root @ xxxxx] /# su user
> su: /bin/sh: Permission denied

You have set 'exec=off', so no binaries can ever be executed
So you can't run a shell

I am not sure how your system even boots, as you shouldn't be able to run
/sbin/init

-- 
Allan Jude
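The failure Allan Jude points to, exec=off set on the pool root and inherited by every dataset under it, can be audited before anyone is locked out of a jail. What follows is an added example and not code from this thread, from FreeBSD, or from any project mentioned here: a POSIX shell script that parses a captured copy of the tab-separated output of `zfs get -H -o name,property,value,source exec,setuid,devices -r <dataset>` (the embedded sample, the pool name tank and the jail datasets under it are all constructed assumptions), lists every dataset whose exec is off, shows which of the three properties are off on a given dataset, and reports where each value comes from. The source column is the point: a property given to `zpool create -O` lives on the pool's root dataset and is inherited by children, while a local `zfs set exec=on` on a child overrides it, so the check is worth running against the dataset the jail root actually lives on (the name column) rather than the one assumed to hold it.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD: audit which ZFS
# datasets under a jail tree have exec/setuid/devices turned off, and where
# each value comes from. Input is the tab-separated output of
#   zfs get -H -o name,property,value,source exec,setuid,devices -r <dataset>
# A captured copy is parsed, so the script runs on any host without zfs.

# Constructed sample of that output (pool name "tank" and the jail datasets
# are assumptions). Properties passed to `zpool create -O ...` land on the
# pool's root dataset and are inherited by every child unless the child sets
# its own value, as tank/jails/web does here for exec.
SAMPLE_ZFS_GET=$(printf '%s\t%s\t%s\t%s\n' \
    tank            exec    off local \
    tank            setuid  off local \
    tank            devices off local \
    tank/jails      exec    off 'inherited from tank' \
    tank/jails      setuid  off 'inherited from tank' \
    tank/jails      devices off 'inherited from tank' \
    tank/jails/web  exec    on  local \
    tank/jails/web  setuid  off 'inherited from tank' \
    tank/jails/web  devices off 'inherited from tank' \
    tank/jails/db   exec    off 'inherited from tank' \
    tank/jails/db   setuid  off 'inherited from tank' \
    tank/jails/db   devices off 'inherited from tank')

# Print "<dataset> <source>" for every dataset whose exec property is off.
# A jail rooted on such a dataset cannot run any binary at all, which is the
# "Permission denied" on /bin/sh and /bin/csh seen in the thread.
# Reads zfs get -H output on stdin.
noexec_datasets() {
    awk -F '\t' '$2 == "exec" && $3 == "off" { print $1, $4 }'
}

# Print every audited property of one dataset that is off, with its source
# (exec blocks all execution, setuid blocks set-user-ID bits such as on su,
# devices blocks device nodes). Reads zfs get -H output on stdin.
off_properties() {
    awk -F '\t' -v ds="$1" '$1 == ds && $3 == "off" { print $2 "=off (" $4 ")" }'
}

# Decide whether a jail root on the given dataset can execute binaries.
# Exit status: 0 if exec=on, 1 if exec=off, 2 if the dataset is not in the
# input. The message names the dataset on which a local override belongs.
# Reads zfs get -H output on stdin.
check_jail_dataset() {
    awk -F '\t' -v ds="$1" '
        $1 == ds && $2 == "exec" { found = 1; val = $3; src = $4 }
        END {
            if (!found) { print ds ": not found in zfs get output"; exit 2 }
            if (val == "on") { print ds ": exec=on (" src ")"; exit 0 }
            print ds ": exec=off (" src "); no binary on it can run. Fix: zfs set exec=on " ds
            exit 1
        }'
}

# Demo on the constructed sample. On a real host, replace each printf with
# the zfs get command named at the top of the file; nothing else changes.
printf '%s\n' "$SAMPLE_ZFS_GET" | noexec_datasets
for ds in tank/jails/web tank/jails/db; do
    printf '%s\n' "$SAMPLE_ZFS_GET" | check_jail_dataset "$ds" || :
    printf '%s\n' "$SAMPLE_ZFS_GET" | off_properties "$ds"
done
```

Exit status 1 from check_jail_dataset is the condition described in this thread: /bin/sh and /bin/csh on that dataset cannot be executed, which the login shell and su report as Permission denied, while a dataset that only has setuid=off and devices=off still runs binaries and merely loses set-user-ID programs and device nodes.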