From owner-soc-status@freebsd.org Mon Jun 24 14:21:40 2019
From: Shivank Garg
Date: Mon, 24 Jun 2019 19:51:20 +0530
Subject: [GSoC'19 Weekly Update] MAC policy on IP addresses in Jail
To: soc-status@freebsd.org, "Bjoern A. Zeeb"
List-Id: Summer of Code Status Reports and Discussion

Hi everyone!

This project is aimed at developing a loadable MAC module with "The TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled Jail can choose from.

This week I made the following progress:
* Added a sysctl interface to the mac_ipacl module to allow/disallow IPv4/6 addresses to a jail.
* Added design notes for the policy structure of the new module.
* Tested the mac_ipacl module with test scripts and added more tests to them.

Currently, I am:
* converting the policy into a data structure.
* looking into the ipfw/pf code to get an idea about passing the rules.
* looking into atf to integrate it with my test shell scripts.

Do check this project on GitHub:
https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl
FreeBSD wiki:
https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail

Please feel free to share your ideas and feedback on this project.
Regards,
Shivank Garg

From owner-soc-status@freebsd.org Mon Jun 24 17:16:07 2019
From: Theron Tarigo
Date: Mon, 24 Jun 2019 09:47:56 -0700
Subject: GSoC: Separation of Ports Build Process from Local Installation
To: soc-status@freebsd.org

Hello all,

This project aims to decouple the build process of the ports framework from the local installation. To work around the assumptions made by ports about dependency file locations, a userspace tool to remap processes' filesystem namespaces is under development.

This past week, I have made the following progress:
- Switched bsd.port.mk from using a chroot for namespace manipulation to using the userspace namespace tool.
- Enabled the namespace tool to read path mappings from the environment, supplied by bsd.port.mk.
- Re-ran port builds. Several problems which had not occurred when using chroot were introduced.
- Studied interactions between executables, namespace tool, dynamic linker, and standard library to understand the cases in which file accesses fail to be intercepted.

What I am working on next:
- Research, design, implement, and test appropriate solutions for the problems encountered with userspace file access interception.

Project goals and status are kept at https://wiki.freebsd.org/SummerOfCode2019Projects/PortsSeparatedBuild .
Source of the userspace filesystem namespace tool is shared at https://github.com/therontarigo/freebsd-user-namespace .
Changes to ports framework are shared at https://github.com/freebsd/freebsd-ports/compare/master...therontarigo:master .
Theron Tarigo

From owner-soc-status@freebsd.org Mon Jun 24 20:45:52 2019
From: Paavo-Einari Kaipila
Date: Mon, 24 Jun 2019 23:45:19 +0300
Subject: [Virtual memory compression] status update
To: soc-status@freebsd.org

Hey

Sorry everyone, I've been a bit shy because there hasn't been much to showcase until now. But anyway, I'm on schedule and the disk even works now!

The repo resides here and the commit 4f6ac56fd5fc4ffb4f8a36669579ae83e89d0103 is "guaranteed" to work.
https://github.com/pavetheway91/freebsd

You may create a compressed memory disk with mdconfig:
mdconfig -t compressed -s 10m

Zlib is the only supported algorithm at the moment. I'm looking forward to adding zstd and lz4 soon.

I'd like to get some input on a few questions:
- Should zlib be included in the final product just in case someone doesn't have lz4 or zstd in their kernel?
- Should I make a separate stream for each CPU core or stripe across multiple devices when swapping?

And a special thank you to my "third mentor" markj, who has been extra helpful.

-Pave