From owner-soc-status@freebsd.org Tue Jul 16 01:51:05 2019
To: soc-status@freebsd.org
From: Theron Tarigo
Subject: GSoC: Separation of Ports Build Process from Local Installation
Message-ID: <50c43ed4-d385-cea8-1551-42ab76b97488@freebsd.org>
Date: Mon, 15 Jul 2019 13:28:08 -0700

Hello all,

This project aims to decouple the build process of the ports framework from the local installation.  To work around the assumptions made by ports about dependency file locations, a userspace tool to remap processes' filesystem namespaces is under development.

This past week, I have made the following progress:

- Created a port of freebsd-user-namespace: devel/userns.
- Integrated devel/userns into PORTS_SEPARATED_BUILD mode of ports framework.
- freebsd-user-namespace looks up addresses from /usr/lib/debug to live-patch ld-elf.so.1 where needed.
- Improved integration of devel/userns and devel/bmake into bsd.ports.mk such that these tools are created when required by PORTS_SEPARATED_BUILD mode.
- Confirmed that devel/llvm60 and all its dependencies build successfully, this time in a fresh FreeBSD 12.0-RELEASE installation with https://github.com/therontarigo/freebsd-ports -b separated as /usr/ports. This selection of ports represents many build tools commonly used in building of other ports: python, perl, lua, GNU, CMake, ...

What I am working on next:

- Review and clean up code; eliminate need for any special configuration to be able to use PORTS_SEPARATED_BUILD.
- Build larger set of ports to discover remaining incompatibilities.
- Set up automated testing of ports to assess progress and catch regressions.

Project goals and status are kept at https://wiki.freebsd.org/SummerOfCode2019Projects/PortsSeparatedBuild .

Source of the userspace filesystem namespace tool is shared at https://github.com/therontarigo/freebsd-user-namespace .

Changes to ports framework are shared at https://github.com/freebsd/freebsd-ports/compare/master...therontarigo:separated.

Theron Tarigo

From owner-soc-status@freebsd.org Tue Jul 16 05:22:08 2019
From: Shivank Garg
Date: Tue, 16 Jul 2019 10:51:54 +0530
Subject: [GSoC'19 Weekly Update] MAC policy on IP addresses in Jail
To: soc-status@freebsd.org, "Bjoern A. Zeeb"

Hi everyone!

This project is aimed at developing a loadable MAC module with the "The TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled Jail can choose from.

This week I made the following progress-

* Added checks to allow/deny IPv4 and IPv6 subnets.
* Added more variety of tests to verify features of the module and integrated it with Kyua
* Added bits of Documentation about using the module.

Do Check this project on Github: https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl

FreeBSD wiki: https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail

Please feel free to share your ideas and feedback on this project.

Regards,
Shivank Garg