From owner-freebsd-hackers@freebsd.org Sun Oct 4 02:50:34 2020
From: Meowthink
Date: Sun, 4 Oct 2020 10:50:20 +0800
Subject: How this wired boot timing bug comes, init rc scripts or zfs?
To: freebsd-hackers@freebsd.org

Hello hackers,

Recently I installworld and rebooted a server, seems working, but my
kerberized nfsd, precisely gssd, is not functional.
At first I thought it may be a bug from stable, so I did some trivial
tests, replacing the kernel with releng one, then the whole world, but
found this is nothing related to the kernel, and triggers randomly
when rebooting some recent stable/11 world (releng/11.4 seems fine).
To dig it deeper, here is what the console showed when failing:

```
Oct 3 20:23:59 r kernel: Starting file system checks:
Oct 3 20:23:59 r kernel: /etc/rc: WARNING: run_rc_command: cannot run /usr/sbin/gssd
Oct 3 20:23:59 r kernel: Mounting local filesystems:.
Oct 3 20:23:59 r kernel: Updating CPU Microcode...
Oct 3 20:23:59 r kernel: Done.
Oct 3 20:23:59 r kernel: Starting ctld.
Oct 3 20:23:59 r kernel: ctld: bind(2) failed for [::]: Can't assign requested address
Oct 3 20:23:59 r kernel: ctld: bind(2) failed for 0.0.0.0: Can't assign requested address
Oct 3 20:23:59 r kernel: ctld: failed to apply configuration; exiting
Oct 3 20:23:59 r kernel: /etc/rc: WARNING: failed to start ctld
Oct 3 20:23:59 r kernel: ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/dt/lib /usr/local/lib/compat /usr/local/lib/gcc9 /usr/local/lib/graphviz /usr/local/lib/nss /usr/local/lib/perl5/5.28/mach/CORE /usr/local/lib/pth /usr/local/lib/qt4 /usr/local/lib/qt5 /usr/local/lib/samba4 /usr/local/llvm10/lib /usr/local/share/chromium
Oct 3 20:23:59 r kernel: 32-bit compatibility ldconfig path: /usr/lib32 /usr/local/lib32/compat
Oct 3 20:23:59 r kernel: Setting hostname: r.domain.net.
Oct 3 20:23:59 r kernel: Setting up harvesting: [UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,NET_ETHER,NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
Oct 3 20:23:59 r kernel: Feeding entropy: .
Oct 3 20:23:59 r kernel: Starting Network: lo0 bge0 bge1.
```

Then I realized I have / and /usr in separated zfs(same zpool). It may
be that / mounted but /usr not. Thus I changed my /etc/rc.d/gssd line
7 to # REQUIRE: mountcritlocal. By the way, /etc/rc.d/ctld to #
REQUIRE: netif. Everything works fine, even rebooting several times.
What I am confused is how this happens. It seems that /etc/rc.d/gssd
(in addition, /etc/rc.d/ctld) hasn't been changed since 2016. Both
gssd and init in stable/11 have no functional changes since
releng/11.4. Maybe zfs? but it's in the kernel, and kernel r366306
with releng/11.4 world works(though I only tested few times since
rebooting is too boring).
Any ideas?

Cheers,
meowthink

From owner-freebsd-hackers@freebsd.org Sun Oct 4 07:03:07 2020
From: Paul Floyd
Subject: Re: Hi, I wrote a FOSS D&D dice rolling program
Date: Sun, 4 Oct 2020 09:03:02 +0200
To: "freebsd-hackers@freebsd.org"
Message-Id: <700AED36-5C96-46F1-8DD4-79005FA61001@wanadoo.fr>

> On 4 Oct 2020, at 00:19, Raj J Putari wrote:

> typedef double long int64;

Eh? Thankfully this doesn’t seem to be used.

> struct Dice {
>     int Sides;
>     char description[700];

Doesn’t this overflow after say 50 rolls?

> struct Dice Roll;
> int rRandSeed;
> time_t CurrentTime;

> Roll.Sides = Dice_Sides;
> time(&CurrentTime);
> rRandSeed = (int)rand() % Roll.Sides;

So you get the time and then do nothing with it. I’d expect the
time to be used to seed the random number generation via ‘srand()’.

rand() isn’t the greatest of random number generators, but I suppose
that it is OK for DND dice rolling.

If you want people to use your code, it will need to be
more complete and tested.

A+
Paul

From owner-freebsd-hackers@freebsd.org Sun Oct 4 20:09:16 2020
From: Theron
Date: Sun, 4 Oct 2020 16:08:50 -0400
Subject: Re: Hi, I wrote a FOSS D&D dice rolling program
To: Paul Floyd, "freebsd-hackers@freebsd.org"
Message-ID: <399ba3d1-9cb4-de2e-6722-bab188907e6f@gmail.com>
In-Reply-To: <700AED36-5C96-46F1-8DD4-79005FA61001@wanadoo.fr>

On 2020-10-04 03:03, Paul Floyd wrote:
> If you want people to use your code, it will need to be
> more complete and tested.
>
> A+
> Paul

On 2020-10-03 18:19, Raj J Putari wrote:
> // Created by unidef on 10/3/20.

FYI "unidef" is a name associated with previous incoherent and/or
AI-written posts to hackers@ and appears to be some kind of troll (or
consistently poorly-thought-out/ignorant but well-meaning suggestions,
not sure). The weird thing is, some of these posts seem to start with
legitimate ideas (code-signing, concern about privilege escalation,
etc.) but appear hopelessly confused.

On 2019-07-06 01:21, Unidef wrote:
> I was thinking about embedding encrypted JavaScript in a :a h ref ; tag and thought about an injection hack, so is it hard to implement some kind of pointer function exception handling in the kernel? I have to read the FreeBSD kernel book :(
>
> Sent from my iPhone

From another recent exchange:

On 2020-10-01 23:50, Gleb Popov wrote:
> On Fri, Oct 2, 2020, 06:10 Raj J Putari wrote:
> (snip)
>> What does everyone think? When I get my check, im going to cludge around
>> in FBSD13-CURRENT
> No offense, but the message looks like it was autogenerated using some
> neural network algorithm. Sorry if I'm mistaken.

From owner-freebsd-hackers@freebsd.org Sun Oct 4 21:28:11 2020
From: Rick Macklem
To: Meowthink, "freebsd-hackers@freebsd.org"
Subject: Re: How this wired boot timing bug comes, init rc scripts or zfs?
Date: Sun, 4 Oct 2020 21:28:08 +0000

Meowthink wrote:
>Hello hackers,
>Recently I installworld and rebooted a server, seems working, but my
>kerberized nfsd, precisely gssd, is not functional.
>At first I thought it may be a bug from stable, so I did some trivial
>tests, replacing the kernel with releng one, then the whole world, but
>found this is nothing related to the kernel, and triggers randomly
>when rebooting some recent stable/11 world (releng/11.4 seems fine).
>To dig it deeper, here is what the console showed when failing:
>```
>Oct 3 20:23:59 r kernel: Starting file system checks:
>Oct 3 20:23:59 r kernel: /etc/rc: WARNING: run_rc_command: cannot run
>/usr/sbin/gssd
>Oct 3 20:23:59 r kernel: Mounting local filesystems:.
>Oct 3 20:23:59 r kernel: Updating CPU Microcode...
>Oct 3 20:23:59 r kernel: Done.
>Oct 3 20:23:59 r kernel: Starting ctld.
>Oct 3 20:23:59 r kernel: ctld: bind(2) failed for [::]: Can't assign
>requested address
>Oct 3 20:23:59 r kernel: ctld: bind(2) failed for 0.0.0.0: Can't
>assign requested address
>Oct 3 20:23:59 r kernel: ctld: failed to apply configuration; exiting
>Oct 3 20:23:59 r kernel: /etc/rc: WARNING: failed to start ctld
>Oct 3 20:23:59 r kernel: ELF ldconfig path: /lib /usr/lib
>/usr/lib/compat /usr/local/lib /usr/dt/lib /usr/local/lib/compat
>/usr/local/lib/gcc9 /usr/local/lib/graphviz /usr/local/lib/nss
>/usr/local/lib/perl5/5.28/mach/CORE /usr/local/lib/pth
>/usr/local/lib/qt4 /usr/local/lib/qt5 /usr/local/lib/samba4
>/usr/local/llvm10/lib /usr/local/share/chromium
>Oct 3 20:23:59 r kernel: 32-bit compatibility ldconfig path:
>/usr/lib32 /usr/local/lib32/compat
>Oct 3 20:23:59 r kernel: Setting hostname: r.domain.net.
>Oct 3 20:23:59 r kernel: Setting up harvesting:
>[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,NET_ETHER,NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
>Oct 3 20:23:59 r kernel: Feeding entropy: .
>Oct 3 20:23:59 r kernel: Starting Network: lo0 bge0 bge1.
>```
>Then I realized I have / and /usr in separated zfs(same zpool). It may
>be that / mounted but /usr not. Thus I changed my /etc/rc.d/gssd line
>7 to # REQUIRE: mountcritlocal.

I don't know what has changed post-11.4 to cause this.
However, the problem with adding "mountcritlocal" is that it assumes
/usr is a locally mounted file system and not NFS mounted nor a subtree
of "/".
--> I think a better solution might be to move gssd to /sbin, which should
    always be a part of the root fs. (/etc/rc.d/gssd already has "root" as
    REQUIRED.)

I have a similar problem with the rpc.tlsclntd daemon I have developed
for NFS-over-TLS.
- Neither sec=krb5[ip] nor tls can be used for an NFS mounted root,
  but I think we just have to live with that?

Do others have any suggestions? rick

By the way, /etc/rc.d/ctld to #
REQUIRE: netif. Everything works fine, even rebooting several times.
What I am confused is how this happens. It seems that /etc/rc.d/gssd
(in addition, /etc/rc.d/ctld) hasn't been changed since 2016. Both
gssd and init in stable/11 have no functional changes since
releng/11.4. Maybe zfs? but it's in the kernel, and kernel r366306
with releng/11.4 world works(though I only tested few times since
rebooting is too boring).
Any ideas?

Cheers,
meowthink
_______________________________________________
freebsd-hackers@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

From owner-freebsd-hackers@freebsd.org Sun Oct 4 21:38:01 2020
From: Warner Losh
Date: Sun, 4 Oct 2020 15:37:46 -0600
Subject: Re: How this wired boot timing bug comes, init rc scripts or zfs?
To: Rick Macklem
Cc: Meowthink, FreeBSD Hackers

On Sun, Oct 4, 2020, 3:28 PM Rick Macklem wrote:

> Meowthink wrote:
> >Hello hackers,
> >Recently I installworld and rebooted a server, seems working, but my
> >kerberized nfsd, precisely gssd, is not functional.
> >At first I thought it may be a bug from stable, so I did some trivial
> >tests, replacing the kernel with releng one, then the whole world, but
> >found this is nothing related to the kernel, and triggers randomly
> >when rebooting some recent stable/11 world (releng/11.4 seems fine).
> >To dig it deeper, here is what the console showed when failing:
> >```
> >Oct 3 20:23:59 r kernel: Starting file system checks:
> >Oct 3 20:23:59 r kernel: /etc/rc: WARNING: run_rc_command: cannot run
> >/usr/sbin/gssd
> >Oct 3 20:23:59 r kernel: Mounting local filesystems:.
> >Oct 3 20:23:59 r kernel: Updating CPU Microcode...
> >Oct 3 20:23:59 r kernel: Done.
> >Oct 3 20:23:59 r kernel: Starting ctld.
> >Oct 3 20:23:59 r kernel: ctld: bind(2) failed for [::]: Can't assign
> >requested address
> >Oct 3 20:23:59 r kernel: ctld: bind(2) failed for 0.0.0.0: Can't
> >assign requested address
> >Oct 3 20:23:59 r kernel: ctld: failed to apply configuration; exiting
> >Oct 3 20:23:59 r kernel: /etc/rc: WARNING: failed to start ctld
> >Oct 3 20:23:59 r kernel: ELF ldconfig path: /lib /usr/lib
> >/usr/lib/compat /usr/local/lib /usr/dt/lib /usr/local/lib/compat
> >/usr/local/lib/gcc9 /usr/local/lib/graphviz /usr/local/lib/nss
> >/usr/local/lib/perl5/5.28/mach/CORE /usr/local/lib/pth
> >/usr/local/lib/qt4 /usr/local/lib/qt5 /usr/local/lib/samba4
> >/usr/local/llvm10/lib /usr/local/share/chromium
> >Oct 3 20:23:59 r kernel: 32-bit compatibility ldconfig path:
> >/usr/lib32 /usr/local/lib32/compat
> >Oct 3 20:23:59 r kernel: Setting hostname: r.domain.net.
> >Oct 3 20:23:59 r kernel: Setting up harvesting:
> >[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,NET_ETHER,NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
> >Oct 3 20:23:59 r kernel: Feeding entropy: .
> >Oct 3 20:23:59 r kernel: Starting Network: lo0 bge0 bge1.
> >```
> >Then I realized I have / and /usr in separated zfs(same zpool). It may
> >be that / mounted but /usr not. Thus I changed my /etc/rc.d/gssd line
> >7 to # REQUIRE: mountcritlocal.
> I don't know what has changed post-11.4 to cause this.
> However, the problem with adding "mountcritlocal" is that it assumes
> /usr is a locally mounted file system and not NFS mounted nor a subtree
> of "/".
> --> I think a better solution might be to move gssd to /sbin, which should
>     always be a part of the root fs. (/etc/rc.d/gssd already has "root" as
>     REQUIRED.)
>

Make the move. It is an early utility in reality.

Warner

>
> I have a similar problem with the rpc.tlsclntd daemon I have developed
> for NFS-over-TLS.
> - Neither sec=krb5[ip] nor tls can be used for an NFS mounted root,
>   but I think we just have to live with that?
>
> Do others have any suggestions? rick
>
> By the way, /etc/rc.d/ctld to #
> REQUIRE: netif. Everything works fine, even rebooting several times.
> What I am confused is how this happens. It seems that /etc/rc.d/gssd
> (in addition, /etc/rc.d/ctld) hasn't been changed since 2016. Both
> gssd and init in stable/11 have no functional changes since
> releng/11.4. Maybe zfs? but it's in the kernel, and kernel r366306
> with releng/11.4 world works(though I only tested few times since
> rebooting is too boring).
> Any ideas?
>
> Cheers,
> meowthink
From: Meowthink
Date: Mon, 5 Oct 2020 08:03:19 +0800
Subject: Re: How this wired boot timing bug comes, init rc scripts or zfs?
To: FreeBSD Hackers

On Mon, Oct 5, 2020 at 5:37 AM Warner Losh wrote:
>
> On Sun, Oct 4, 2020, 3:28 PM Rick Macklem wrote:
>>
>> Meowthink wrote:
>> >Hello hackers,
>> >Recently I installworld and rebooted a server, seems working, but my
>> >kerberized nfsd, precisely gssd, is not functional.
>> >At first I thought it may be a bug from stable, so I did some trivial
>> >tests, replacing the kernel with releng one, then the whole world, but
>> >found this is nothing related to the kernel, and triggers randomly
>> >when rebooting some recent stable/11 world (releng/11.4 seems fine).
>> >To dig it deeper, here is what the console showed when failing:
>> >```
>> >Oct 3 20:23:59 r kernel: Starting file system checks:
>> >Oct 3 20:23:59 r kernel: /etc/rc: WARNING: run_rc_command: cannot run
>> >/usr/sbin/gssd
>> >Oct 3 20:23:59 r kernel: Mounting local filesystems:.
>> >Oct 3 20:23:59 r kernel: Updating CPU Microcode...
>> >Oct 3 20:23:59 r kernel: Done.
>> >Oct 3 20:23:59 r kernel: Starting ctld.
>> >Oct 3 20:23:59 r kernel: ctld: bind(2) failed for [::]: Can't assign
>> >requested address
>> >Oct 3 20:23:59 r kernel: ctld: bind(2) failed for 0.0.0.0: Can't
>> >assign requested address
>> >Oct 3 20:23:59 r kernel: ctld: failed to apply configuration; exiting
>> >Oct 3 20:23:59 r kernel: /etc/rc: WARNING: failed to start ctld
>> >Oct 3 20:23:59 r kernel: ELF ldconfig path: /lib /usr/lib
>> >/usr/lib/compat /usr/local/lib /usr/dt/lib /usr/local/lib/compat
>> >/usr/local/lib/gcc9 /usr/local/lib/graphviz /usr/local/lib/nss
>> >/usr/local/lib/perl5/5.28/mach/CORE /usr/local/lib/pth
>> >/usr/local/lib/qt4 /usr/local/lib/qt5 /usr/local/lib/samba4
>> >/usr/local/llvm10/lib /usr/local/share/chromium
>> >Oct 3 20:23:59 r kernel: 32-bit compatibility ldconfig path:
>> >/usr/lib32 /usr/local/lib32/compat
>> >Oct 3 20:23:59 r kernel: Setting hostname: r.domain.net.
>> >Oct 3 20:23:59 r kernel: Setting up harvesting:
>> >[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,NET_ETHER,NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
>> >Oct 3 20:23:59 r kernel: Feeding entropy: .
>> >Oct 3 20:23:59 r kernel: Starting Network: lo0 bge0 bge1.
>> >```
>> >Then I realized I have / and /usr in separated zfs(same zpool). It may
>> >be that / mounted but /usr not. Thus I changed my /etc/rc.d/gssd line
>> >7 to # REQUIRE: mountcritlocal.
>> I don't know what has changed post-11.4 to cause this.
>> However, the problem with adding "mountcritlocal" is that it assumes
>> /usr is a locally mounted file system and not NFS mounted nor a subtree
>> of "/".
>> --> I think a better solution might be to move gssd to /sbin, which should
>> always be a part of the root fs. (/etc/rc.d/gssd already has "root" as
>> REQUIRED.)
>
>
> Make the move. It is an early utility in reality.
>
> Warner

But take care :)
$ ldd /usr/sbin/gssd
/usr/sbin/gssd:
        libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x80082b000)
        libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x800a35000)
        libroken.so.11 => /usr/lib/libroken.so.11 (0x800cb4000)
        libc.so.7 => /lib/libc.so.7 (0x800ec7000)
        libasn1.so.11 => /usr/lib/libasn1.so.11 (0x80127e000)
        libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x801521000)
        libcrypt.so.5 => /lib/libcrypt.so.5 (0x801723000)
        libcrypto.so.8 => /lib/libcrypto.so.8 (0x801a00000)
        libhx509.so.11 => /usr/lib/libhx509.so.11 (0x801e75000)
        libwind.so.11 => /usr/lib/libwind.so.11 (0x8020c2000)
        libheimbase.so.11 => /usr/lib/libheimbase.so.11 (0x8022ea000)
        libprivateheimipcc.so.11 => /usr/lib/libprivateheimipcc.so.11 (0x8024ee000)
        libthr.so.3 => /lib/libthr.so.3 (0x8026f1000)

>>
>>
>> I have a similar problem with the rpc.tlsclntd daemon I have developed
>> for NFS-over-TLS.
>> - Neither sec=krb5[ip] nor tls can be used for an NFS mounted root,
>> but I think we just have to live with that?
>>
>> Do others have any suggestions? rick
>>
>> By the way, /etc/rc.d/ctld to #
>> REQUIRE: netif. Everything works fine, even rebooting several times.
>> What I am confused is how this happens. It seems that /etc/rc.d/gssd
>> (in addition, /etc/rc.d/ctld) hasn't been changed since 2016. Both
>> gssd and init in stable/11 have no functional changes since
>> releng/11.4. Maybe zfs? but it's in the kernel, and kernel r366306
>> with releng/11.4 world works(though I only tested few times since
>> rebooting is too boring).
>> Any ideas?
>>
>> Cheers,
>> meowthink

From owner-freebsd-hackers@freebsd.org Mon Oct 5 00:41:43 2020
From: Rick Macklem
To: Meowthink, FreeBSD Hackers
Subject: Re: How this wired boot timing bug comes, init rc scripts or zfs?
Date: Mon, 5 Oct 2020 00:41:39 +0000

Meowthink wrote:
>On Mon, Oct 5, 2020 at 5:37 AM Warner Losh wrote:
>>
>> On Sun, Oct 4, 2020, 3:28 PM Rick Macklem wrote:
>>>
>>> Meowthink wrote:
>>> >Hello hackers,
>>> >Recently I installworld and rebooted a server, seems working, but my
>>> >kerberized nfsd, precisely gssd, is not functional.
>>> >At first I thought it may be a bug from stable, so I did some trivial
>>> >tests, replacing the kernel with releng one, then the whole world, but
>>> >found this is nothing related to the kernel, and triggers randomly
>>> >when rebooting some recent stable/11 world (releng/11.4 seems fine).
>>> >To dig it deeper, here is what the console showed when failing:
>>> >```
>>> >Oct 3 20:23:59 r kernel: Starting file system checks:
>>> >Oct 3 20:23:59 r kernel: /etc/rc: WARNING: run_rc_command: cannot run
>>> >/usr/sbin/gssd
>>> >Oct 3 20:23:59 r kernel: Mounting local filesystems:.
>>> >Oct 3 20:23:59 r kernel: Updating CPU Microcode...
>>> >Oct 3 20:23:59 r kernel: Done.
>>> >Oct 3 20:23:59 r kernel: Starting ctld.
>>> >Oct 3 20:23:59 r kernel: ctld: bind(2) failed for [::]: Can't assign
>>> >requested address
>>> >Oct 3 20:23:59 r kernel: ctld: bind(2) failed for 0.0.0.0: Can't
>>> >assign requested address
>>> >Oct 3 20:23:59 r kernel: ctld: failed to apply configuration; exiting
>>> >Oct 3 20:23:59 r kernel: /etc/rc: WARNING: failed to start ctld
>>> >Oct 3 20:23:59 r kernel: ELF ldconfig path: /lib /usr/lib
>>> >/usr/lib/compat /usr/local/lib /usr/dt/lib /usr/local/lib/compat
>>> >/usr/local/lib/gcc9 /usr/local/lib/graphviz /usr/local/lib/nss
>>> >/usr/local/lib/perl5/5.28/mach/CORE /usr/local/lib/pth
>>> >/usr/local/lib/qt4 /usr/local/lib/qt5 /usr/local/lib/samba4
>>> >/usr/local/llvm10/lib /usr/local/share/chromium
>>> >Oct 3 20:23:59 r kernel: 32-bit compatibility ldconfig path:
>>> >/usr/lib32 /usr/local/lib32/compat
>>> >Oct 3 20:23:59 r kernel: Setting hostname: r.domain.net.
>>> >Oct 3 20:23:59 r kernel: Setting up harvesting:
>>> >[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,NET_ETHER,NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
>>> >Oct 3 20:23:59 r kernel: Feeding entropy: .
>>> >Oct 3 20:23:59 r kernel: Starting Network: lo0 bge0 bge1.
>>> >```
>>> >Then I realized I have / and /usr in separated zfs(same zpool). It may
>>> >be that / mounted but /usr not. Thus I changed my /etc/rc.d/gssd line
>>> >7 to # REQUIRE: mountcritlocal.
>>> I don't know what has changed post-11.4 to cause this.
>>> However, the problem with adding "mountcritlocal" is that it assumes
>>> /usr is a locally mounted file system and not NFS mounted nor a subtree
>>> of "/".
>>> --> I think a better solution might be to move gssd to /sbin, which should
>>> always be a part of the root fs. (/etc/rc.d/gssd already has "root" as
>>> REQUIRED.)
>>
>>
>> Make the move. It is an early utility in reality.
>>
>> Warner
>
>But take care :)
>$ ldd /usr/sbin/gssd
>/usr/sbin/gssd:
> libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x80082b000)
> libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x800a35000)
> libroken.so.11 => /usr/lib/libroken.so.11 (0x800cb4000)
> libc.so.7 => /lib/libc.so.7 (0x800ec7000)
> libasn1.so.11 => /usr/lib/libasn1.so.11 (0x80127e000)
> libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x801521000)
> libcrypt.so.5 => /lib/libcrypt.so.5 (0x801723000)
> libcrypto.so.8 => /lib/libcrypto.so.8 (0x801a00000)
> libhx509.so.11 => /usr/lib/libhx509.so.11 (0x801e75000)
> libwind.so.11 => /usr/lib/libwind.so.11 (0x8020c2000)
> libheimbase.so.11 => /usr/lib/libheimbase.so.11 (0x8022ea000)
> libprivateheimipcc.so.11 => /usr/lib/libprivateheimipcc.so.11
>(0x8024ee000)
> libthr.so.3 => /lib/libthr.so.3 (0x8026f1000)
Good point. Moving all those libraries isn't worth the effort, imho.

I suppose "mountcritlocal" is harmless and fixes the case where /usr
is a separately mounted local FS.
(I can't resist pointing out that we no longer need to worry about the
size limitation of a 2.5Mbyte RK05 disk, so having /usr on a separate
file system may no longer be a critical requirement, but...;-)

rick

>>
>>
>> I have a similar problem with the rpc.tlsclntd daemon I have developed
>> for NFS-over-TLS.
>> - Neither sec=krb5[ip] nor tls can be used for an NFS mounted root,
>> but I think we just have to live with that?
>>
>> Do others have any suggestions? rick
>>
>> By the way, /etc/rc.d/ctld to #
>> REQUIRE: netif. Everything works fine, even rebooting several times.
>> What I am confused is how this happens. It seems that /etc/rc.d/gssd
>> (in addition, /etc/rc.d/ctld) hasn't been changed since 2016. Both
>> gssd and init in stable/11 have no functional changes since
>> releng/11.4. Maybe zfs? but it's in the kernel, and kernel r366306
>> with releng/11.4 world works(though I only tested few times since
>> rebooting is too boring).
>> Any ideas?
>>
>> Cheers,
>> meowthink
_______________________________________________
freebsd-hackers@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
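The point the thread converges on (a copy of gssd in /sbin would still load libraries from /usr/lib, so the rc.d ordering is what has to change) can be checked mechanically. This is an added example, not code from the thread or from FreeBSD: the function names are hypothetical, the rc.d excerpts are constructed from what the messages say about the script, and it assumes /usr is a separate file system as on the poster's machine.

```sh
#!/bin/sh
# Added example: can an rc.d service start while only "/" is mounted?

# ldd output for /usr/sbin/gssd as posted in the thread.
GSSD_LDD='/usr/sbin/gssd:
        libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x80082b000)
        libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x800a35000)
        libroken.so.11 => /usr/lib/libroken.so.11 (0x800cb4000)
        libc.so.7 => /lib/libc.so.7 (0x800ec7000)
        libasn1.so.11 => /usr/lib/libasn1.so.11 (0x80127e000)
        libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x801521000)
        libcrypt.so.5 => /lib/libcrypt.so.5 (0x801723000)
        libcrypto.so.8 => /lib/libcrypto.so.8 (0x801a00000)
        libhx509.so.11 => /usr/lib/libhx509.so.11 (0x801e75000)
        libwind.so.11 => /usr/lib/libwind.so.11 (0x8020c2000)
        libheimbase.so.11 => /usr/lib/libheimbase.so.11 (0x8022ea000)
        libprivateheimipcc.so.11 => /usr/lib/libprivateheimipcc.so.11 (0x8024ee000)
        libthr.so.3 => /lib/libthr.so.3 (0x8026f1000)'

# Constructed excerpts of the rc.d header: the thread says the script
# REQUIREs "root" and that the poster changed it to mountcritlocal.
RC_BEFORE='# PROVIDE: gssd
# REQUIRE: root'
RC_AFTER='# PROVIDE: gssd
# REQUIRE: mountcritlocal'

# Print every resolved library path that lives under /usr.
libs_on_usr() {
    printf '%s\n' "$1" | awk '$2 == "=>" && $3 ~ /^\/usr\// { print $3 }'
}

# Print the names listed on "# REQUIRE:" lines, one per line.
rc_requires() {
    printf '%s\n' "$1" | awk '/^#[ \t]*REQUIRE:/ {
        sub(/^#[ \t]*REQUIRE:/, "")
        for (i = 1; i <= NF; i++) print $i
    }'
}

# $1 = command path, $2 = ldd output, $3 = rc.d script text.
# Returns 0 when the service is safe to start early, 1 (with a reason on
# stderr) when it needs /usr but is not ordered after mountcritlocal.
# Only direct REQUIRE entries are checked; rcorder dependencies are
# transitive, so a pass via another script is not detected here.
# mountcritlocal only helps when /usr is a local file system; the thread's
# caveat about an NFS-mounted /usr still applies.
check_early_start() {
    cmd=$1
    usr_libs=$(libs_on_usr "$2")
    case $cmd in
        /usr/*) on_usr=$cmd ;;
        *)      on_usr= ;;
    esac
    if [ -z "$on_usr" ] && [ -z "$usr_libs" ]; then
        return 0                      # binary and libraries are on the root fs
    fi
    if rc_requires "$3" | grep -qx mountcritlocal; then
        return 0                      # ordered after local mounts
    fi
    echo "$cmd: needs /usr before mountcritlocal:" $on_usr $usr_libs >&2
    return 1
}

# Demo: shipped layout, edited script, and a hypothetical copy in /sbin.
for probe in "/usr/sbin/gssd:before" "/usr/sbin/gssd:after" "/sbin/gssd:before"; do
    path=${probe%%:*}
    if [ "${probe##*:}" = after ]; then rc=$RC_AFTER; else rc=$RC_BEFORE; fi
    if check_early_start "$path" "$GSSD_LDD" "$rc" 2>/dev/null; then
        echo "$probe: ok"
    else
        echo "$probe: would fail before /usr is mounted"
    fi
done
```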
From owner-freebsd-hackers@freebsd.org Mon Oct 5 13:46:07 2020
To: FreeBSD Hackers
From: Eric McCorkle
Subject: Mounting encrypted ZFS datasets/GELI for users?
Message-ID: <8d467e98-237f-c6a2-72de-94c0195ec964@metricspace.net>
Date: Mon, 5 Oct 2020 09:45:50 -0400

I'm presently looking into options presented by ZFS encryption. One
idea I had was something like this (I'm going to go with ZFS for now,
but you could presumably do something like this with GELI, with more
effort).

You could have your users' home directories on separate ZFS datasets,
with a separate encryption key generated from their passphrase (you
could also generalize this to a session key generated from some other
form of authentication). When a user logs in, their authentication
materials are used to recover the ZFS key, which is then used to mount
the home directory. When they log out, their home directory is unmounted.

The tricky part seems to be that you need their authentication
materials. I think you could maybe accomplish something like this with
a custom PAM module that would load the key when the user logs in. I'm
less sure how to unload the key when they log out, though. If you could
manage that, then I think standard automounter stuff should be able to
handle mounting and unmounting the actual filesystem as needed.

Does anyone know of a better way to go about doing this?
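The open question in the message above is when to unload the key at logout. One way to handle it is a per-user session counter, so that only the last logout unmounts and unloads. This is an added example, not code from the thread or from any FreeBSD or OpenZFS component. It assumes one dataset per user under a hypothetical `zroot/home`, a hypothetical root-only state directory, and some PAM hook that calls `session_open` with the passphrase on stdin and `session_close` at logout.

```sh
#!/bin/sh
# Added example: reference-counted key handling for per-user encrypted homes.
# ZFS, HOME_PARENT and STATE_DIR are assumptions; ZFS can name a stub for dry runs.
ZFS=${ZFS:-zfs}
HOME_PARENT=${HOME_PARENT:-zroot/home}     # assumed layout: $HOME_PARENT/<user>
STATE_DIR=${STATE_DIR:-/var/run/homekey}   # assumed root-owned, mode 0700

# Map a login name to its dataset; reject names that could change the path
# (slashes, "@", leading "-") before they reach the zfs command line.
dataset_for() {
    case $1 in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    printf '%s/%s\n' "$HOME_PARENT" "$1"
}

zprop() { $ZFS get -H -o value "$1" "$2"; }

# Serialize open/close per user with an atomic mkdir lock.
lock() {
    mkdir -p "$STATE_DIR" || return 1
    until mkdir "$STATE_DIR/$1.lock" 2>/dev/null; do sleep 1; done
}
unlock() { rmdir "$STATE_DIR/$1.lock"; }

# Current number of open sessions; a missing or corrupt file counts as 0.
read_count() {
    n=$(cat "$STATE_DIR/$1.count" 2>/dev/null) || n=0
    case $n in ''|*[!0-9]*) n=0 ;; esac
    echo "$n"
}

# Login hook, passphrase on stdin. The first session loads the key and
# mounts the dataset; later sessions only increment the counter.
session_open() {
    ds=$(dataset_for "$1") || return 1
    lock "$1" || return 1
    n=$(read_count "$1")
    rc=0
    if [ "$n" -eq 0 ]; then
        if [ "$(zprop keystatus "$ds")" = available ]; then
            # Key left loaded by an earlier failed close: verify only (-n).
            $ZFS load-key -n "$ds" || rc=1
        else
            $ZFS load-key "$ds" || rc=1
        fi
        if [ "$rc" -eq 0 ] && [ "$(zprop mounted "$ds")" != yes ]; then
            if ! $ZFS mount "$ds"; then
                $ZFS unload-key "$ds" || echo "warning: key for $ds still loaded" >&2
                rc=1
            fi
        fi
    fi
    if [ "$rc" -eq 0 ]; then
        echo $((n + 1)) > "$STATE_DIR/$1.count"
    fi
    unlock "$1"
    return "$rc"
}

# Logout hook. The last session unmounts and unloads the key. A non-zero
# return means the key is still in memory (for example the unmount failed
# because files are open) and the close should be retried or alerted on.
session_close() {
    ds=$(dataset_for "$1") || return 1
    lock "$1" || return 1
    n=$(read_count "$1")
    rc=0
    if [ "$n" -gt 0 ]; then n=$((n - 1)); fi
    echo "$n" > "$STATE_DIR/$1.count"
    if [ "$n" -eq 0 ]; then
        { $ZFS unmount "$ds" && $ZFS unload-key "$ds"; } || rc=1
    fi
    unlock "$1"
    return "$rc"
}
```

While any session is open the key stays loaded, so this narrows the window in which the key is in memory but does not change what a logged-in system exposes.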
From: Alan Somers
Date: Mon, 5 Oct 2020 09:12:47 -0600
Subject: Re: Mounting encrypted ZFS datasets/GELI for users?
To: Eric McCorkle
Cc: FreeBSD Hackers

On Mon, Oct 5, 2020 at 7:46 AM Eric McCorkle wrote:

> I'm presently looking into options presented by ZFS encryption.  One
> idea I had was something like this (I'm going to go with ZFS for now,
> but you could presumably do something like this with GELI, with more
> effort).
>
> You could have your users' home directories on separate ZFS datasets,
> with a separate encryption key generated from their passphrase (you
> could also generalize this to a session key generated from some other
> form of authentication).  When a user logs in, their authentication
> materials are used to recover the ZFS key, which is then used to mount
> the home directory.  When they log out, their home directory is unmounted.
>
> The tricky part seems to be that you need their authentication
> materials.  I think you could maybe accomplish something like this with
> a custom PAM module that would load the key when the user logs in.  I'm
> less sure how to unload the key when they log out, though.  If you could
> manage that, then I think standard automounter stuff should be able to
> handle mounting and unmounting the actual filesystem as needed.
>
> Does anyone know of a better way to go about doing this?
>

First of all, what kind of threat are you concerned with?  Disk encryption
does not protect against an attacker with access to a live machine; it only
protects against an attacker with access to an off machine, or to the bare
HDDs.  Per-user encryption would presumably protect one user from another
user who has physical access to the off server.  Is that what you're
worried about?  If not, then you shouldn't bother with per-user
encryption.  Just encrypt all of /home or all of the pool with a single key.
-Alan

From owner-freebsd-hackers@freebsd.org Mon Oct 5 15:40:10 2020
Subject: Re: Mounting encrypted ZFS datasets/GELI for users?
To: Alan Somers
Cc: FreeBSD Hackers
From: Eric McCorkle
Date: Mon, 5 Oct 2020 11:39:53 -0400

On 10/5/20 11:12 AM, Alan Somers wrote:

> First of all, what kind of threat are you concerned with?  Disk
> encryption does not protect against an attacker with access to a live
> machine; it only protects against an attacker with access to an off
> machine, or to the bare HDDs.  Per-user encryption would presumably
> protect one user from another user who has physical access to the off
> server.  Is that what you're worried about?  If not, then you shouldn't
> bother with per-user encryption.  Just encrypt all of /home or all of
> the pool with a single key.
>
> -Alan

I am evaluating options for domains where use of per-user encryption is
mandated, often as a means of protecting against insider threats.

From owner-freebsd-hackers@freebsd.org Mon Oct 5 15:50:59 2020
From: Alan Somers
Date: Mon, 5 Oct 2020 09:50:46 -0600
Subject: Re: Mounting encrypted ZFS datasets/GELI for users?
To: Eric McCorkle
Cc: FreeBSD Hackers

On Mon, Oct 5, 2020 at 9:40 AM Eric McCorkle wrote:

> On 10/5/20 11:12 AM, Alan Somers wrote:
>
> > First of all, what kind of threat are you concerned with?  Disk
> > encryption does not protect against an attacker with access to a live
> > machine; it only protects against an attacker with access to an off
> > machine, or to the bare HDDs.  Per-user encryption would presumably
> > protect one user from another user who has physical access to the off
> > server.  Is that what you're worried about?  If not, then you shouldn't
> > bother with per-user encryption.  Just encrypt all of /home or all of
> > the pool with a single key.
> >
> > -Alan
>
> I am evaluating options for domains where use of per-user encryption is
> mandated, often as a means of protecting against insider threats.
>

But if the victim user and the aggressor user are logged in at the same
time, then both users' home directories will be decrypted, and unix
permissions will be the only thing protecting the victim, right?  That
situation doesn't sound any better than no encryption at all.  And insiders
who have offline access to the HDDs would be thwarted by global encryption
just as much as per-user encryption.  I'm not denying that you may be under
some legal mandate for per-user encryption; I just don't understand the
motivation.

OmniOS has a module that creates a new home directory ZFS dataset the first
time.  But the last time I looked at it, it didn't include any encryption.
-Alan

From owner-freebsd-hackers@freebsd.org Mon Oct 5 16:26:41 2020
Subject: Re: Mounting encrypted ZFS datasets/GELI for users?
To: Alan Somers
Cc: FreeBSD Hackers
From: Eric McCorkle
Date: Mon, 5 Oct 2020 12:26:28 -0400

On 10/5/20 11:50 AM, Alan Somers wrote:
> On Mon, Oct 5, 2020 at 9:40 AM Eric McCorkle wrote:
>
>     On 10/5/20 11:12 AM, Alan Somers wrote:
>
>     > First of all, what kind of threat are you concerned with?  Disk
>     > encryption does not protect against an attacker with access to a live
>     > machine; it only protects against an attacker with access to an off
>     > machine, or to the bare HDDs.  Per-user encryption would presumably
>     > protect one user from another user who has physical access to the off
>     > server.  Is that what you're worried about?  If not, then you shouldn't
>     > bother with per-user encryption.  Just encrypt all of /home or all of
>     > the pool with a single key.
>     >
>     > -Alan
>
>     I am evaluating options for domains where use of per-user encryption is
>     mandated, often as a means of protecting against insider threats.
>
>
> But if the victim user and the aggressor user are logged in at the same
> time, then both users' home directories will be decrypted, and unix
> permissions will be the only thing protecting the victim, right?  That
> situation doesn't sound any better than no encryption at all.  And
> insiders who have offline access to the HDDs would be thwarted by global
> encryption just as much as per-user encryption.  I'm not denying that
> you may be under some legal mandate for per-user encryption; I just
> don't understand the motivation.

Per-user encryption is not perfect, but that's not the goal of
requirements like this.  First of all, this can be used to protect
secure workstations, where it's reasonable to expect only one person to
be logged in at a time.

Beyond that, the goal is to shrink the window of possible attacks and to
aid detection.  If the Adversary has to be active while a particular
user is logged in, then they have a much smaller window of attack.
Moreover, this helps with forensics, as you can look at what else was
going on in the system in the much shorter window while a compromised
user was active.
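One way to do the login/logout key handling discussed in this thread, added here as an example; it is not code from any participant or from FreeBSD. It goes one step beyond the proposal by counting a user's open sessions, so the key is loaded by the first login and unloaded only by the last logout. The dataset layout (zroot/home/<user>), STATE_DIR, the function names, and a login hook (such as a PAM module) that supplies the passphrase on stdin are all assumptions.

```shell
#!/bin/sh
# Added example: load a user's ZFS key at first login, unload it at last logout.
# Assumptions: each home is the dataset $HOME_PARENT/<user>, created with
# keyformat=passphrase and keylocation=prompt; a login hook (for instance a PAM
# module) runs "open <user>" with the passphrase on stdin and "close <user>" at
# logout. STATE_DIR and every function name here are hypothetical.

: "${ZFS:=zfs}"                        # overridable, so the logic can run against a stub
: "${HOME_PARENT:=zroot/home}"
: "${STATE_DIR:=/var/run/zfs-home-sessions}"

# Map a login name to its dataset. Names with anything outside [a-z0-9_-] are
# refused so a crafted name cannot point at another dataset.
dataset_for() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    printf '%s/%s\n' "$HOME_PARENT" "$1"
}

# mkdir is atomic, so it serves as a per-user lock around the session counter.
lock() {
    tries=0
    until mkdir "$STATE_DIR/$1.lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -lt 10 ] || return 1
        sleep 1
    done
}
unlock() { rmdir "$STATE_DIR/$1.lock"; }

read_count() { cat "$STATE_DIR/$1.count" 2>/dev/null || echo 0; }

session_open() {
    user=$1
    ds=$(dataset_for "$user") || return 2
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
    lock "$user" || return 1
    n=$(read_count "$user")
    rc=0
    if [ "$n" -eq 0 ]; then
        # First session: zfs reads the passphrase from our stdin (keylocation=prompt).
        "$ZFS" load-key "$ds" && "$ZFS" mount "$ds" || rc=1
        # Do not leave a key loaded for a home that failed to mount.
        if [ "$rc" -ne 0 ]; then "$ZFS" unload-key "$ds" 2>/dev/null || :; fi
    fi
    [ "$rc" -eq 0 ] && echo $((n + 1)) > "$STATE_DIR/$user.count"
    unlock "$user"
    return "$rc"
}

session_close() {
    user=$1
    ds=$(dataset_for "$user") || return 2
    lock "$user" || return 1
    n=$(read_count "$user")
    rc=0
    if [ "$n" -le 1 ]; then
        # Last session ended: unmount, then drop the key from kernel memory.
        # A nonzero result means the home is still decrypted (for example the
        # unmount failed because files are open) and is the case to alert on.
        rm -f "$STATE_DIR/$user.count"
        "$ZFS" unmount "$ds" && "$ZFS" unload-key "$ds" || rc=1
    else
        echo $((n - 1)) > "$STATE_DIR/$user.count"
    fi
    unlock "$user"
    return "$rc"
}

# Entry point for the hook: "<script> open|close <user>". With no arguments the
# file only defines the functions above.
case "${1:-}" in
    open)  session_open "$2" ;;
    close) session_close "$2" ;;
esac
```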

From owner-freebsd-hackers@freebsd.org Mon Oct 5 17:58:56 2020
Date: Mon, 05 Oct 2020 19:58:53 +0200
From: Steffen Nurpmeso
To: Eric McCorkle
Cc: Alan Somers, FreeBSD Hackers
Subject: Re: Mounting encrypted ZFS datasets/GELI for users?

Eric McCorkle wrote in
 <00dbfac0-6c6f-355e-c21b-db2cae3a87e4@metricspace.net>:
 |On 10/5/20 11:50 AM, Alan Somers wrote:
 |> On Mon, Oct 5, 2020 at 9:40 AM Eric McCorkle wrote:
 |>
 |>     On 10/5/20 11:12 AM, Alan Somers wrote:
 |>
 |>> First of all, what kind of threat are you concerned with?  Disk
 |>> encryption does not protect against an attacker with access to a live
 |>> machine; it only protects against an attacker with access to an off
 |>> machine, or to the bare HDDs.  Per-user encryption would presumably
 |>> protect one user from another user who has physical access to the off
 |>> server.  Is that what you're worried about?  If not, then you shouldn't
 |>> bother with per-user encryption.  Just encrypt all of /home or all of
 |>> the pool with a single key.
 |>>
 |>> -Alan
 |>
 |>     I am evaluating options for domains where use of per-user encryption
 |>     is mandated, often as a means of protecting against insider threats.
 |>
 |>
 |> But if the victim user and the aggressor user are logged in at the same
 |> time, then both users' home directories will be decrypted, and unix
 |> permissions will be the only thing protecting the victim, right?  That
 |> situation doesn't sound any better than no encryption at all.  And
 |> insiders who have offline access to the HDDs would be thwarted by global
 |> encryption just as much as per-user encryption.  I'm not denying that
 |> you may be under some legal mandate for per-user encryption; I just
 |> don't understand the motivation.
 |
 |Per-user encryption is not perfect, but that's not the goal of
 |requirements like this.  First of all, this can be used to protect
 |secure workstations, where it's reasonable to expect only one person to
 |be logged in at a time.
 |
 |Beyond that, the goal is to shrink the window of possible attacks and to
 |aid detection.  If the Adversary has to be active while a particular
 |user is logged in, then they have a much smaller window of attack.
 |Moreover, this helps with forensics, as you can look at what else was
 |going on in the system in the much shorter window while a compromised
 |user was active.

That project is very cool.  I also want to say thanks for importing ZFS
with encryption; I am not using it yet, but am looking forward to it.

One important aspect of such (additional, on top of block encrypted
disks) per-user-home encryption is that you can simply back up the
entire directory without additional protection, if you have access to
the unmounted content.  I personally use several different encrypted
directories, not the /home/steffen as such but sec.arena and sic
therein, which get only mounted as necessary, and automatically
unmounted (for all users) when the LID is closed.

--steffen

From owner-freebsd-hackers@freebsd.org Tue Oct 6 11:03:51 2020
Date: Tue, 6 Oct 2020 13:03:41 +0200 (CEST)
From: Wojciech Puchar
To: freebsd-hackers@freebsd.org
Subject: difference between real serial console and virtual console

from userland program point of view? What's the difference.

I'm asking because I have a problem as below when using real serial console
(PCengines apu).

I have TERM set to xterm on both serial console and on virtual console when
I log in over ssh or rsh.

I have the same screen size.

and ALMOST all programs behave the same way, including full screen programs
like mc or vi or even alpine. including colors, sizes etc.

the only exception is joe editor. that doesn't work at all.
Actually - it displays a few upper-left characters of its status bar and
nothing else. All I can do is blindly type CTRL-C to exit.

switching TERM to vt100 or vt220 doesn't change things at all.

any idea why?

From owner-freebsd-hackers@freebsd.org Tue Oct 6 11:21:57 2020
Subject: Re: difference between real serial console and virtual console
To: Wojciech Puchar, freebsd-hackers@freebsd.org
From: Eugene Grosbein
Date: Tue, 6 Oct 2020 18:21:25 +0700

06.10.2020 18:03, Wojciech Puchar wrote:

> from userland program point of view? What's the difference.
>
> I'm asking because I have a problem as below when using real serial console (PCengines apu).
>
> I have TERM set to xterm on both serial console and on virtual console when I log in over ssh or rsh.
>
> I have the same screen size.
>
> and ALMOST all programs behave the same way, including full screen programs like mc or vi or even alpine. including colors, sizes etc.
>
> the only exception is joe editor. that doesn't work at all.
> Actually - it displays a few upper-left characters of its status bar and nothing else. All I can do is blindly type CTRL-C to exit.
>
> switching TERM to vt100 or vt220 doesn't change things at all.
>
>
> any idea why?

This should be related to user terminal size that's configured by user
terminal emulator in case of network login.  In case of VGA console, it's
configured by console driver itself.

In case of serial console, the system knows nothing about user terminal size
initially, so FreeBSD's default .login/.profile scripts contain a call to
the resizewin utility.  Read its manual page resizewin(1) and make sure you
have "resizewin -z" in your shell's profile.
From owner-freebsd-hackers@freebsd.org Tue Oct 6 13:30:44 2020
Date: Tue, 6 Oct 2020 15:30:37 +0200 (CEST)
From: Wojciech Puchar
To: Eugene Grosbein
Cc: Wojciech Puchar, freebsd-hackers@freebsd.org
Subject: Re: difference between real serial console and virtual console

>>
>> any idea why?
>
> This should be related to user terminal size that's configured by user terminal emulator in case of network login.
> In case of VGA console, it's configured by console driver itself.

Not VGA console. serial console. connected to same sized rxvt as ssh.

>
> In case of serial console, the system knows nothing about user terminal size initially,
> so FreeBSD's default .login/.profile scripts contain call to resizewin utility.
> Read its manual page resizewin(1) and make sure you have "resizewin -z" in your shell's profile.

added to .bash_profile - i will check the results next time i will be there and use serial port

From owner-freebsd-hackers@freebsd.org Wed Oct 7 07:58:49 2020
From: SHAMANTHA KRISHNA K G
Date: Wed, 7 Oct 2020 13:28:34 +0530
Subject: swap vm object
To: freebsd-hackers@freebsd.org

Hello All ,

What is a swap vm object in case of /proc//map ?

Thank you,
-Shamantha

From owner-freebsd-hackers@freebsd.org Wed Oct 7 13:30:48 2020
Date: Wed, 7 Oct 2020 09:30:39 -0400
From: Mark Johnston
To: SHAMANTHA KRISHNA K G
Cc: freebsd-hackers@freebsd.org
Subject: Re: swap vm object
Message-ID: <20201007122452.GA92185@raichu>

On Wed, Oct 07, 2020 at 01:28:34PM +0530, SHAMANTHA KRISHNA K G wrote:
> Hello All ,
>
> What is a swap vm object in case of /proc//map ?

It represents memory that is backed by the swap device. If the system
is forced to reclaim memory from this object, it will first use the swap
pager to write the pages' contents to a swap device. Then, a subsequent
access can recover the data by paging in from the swap device.

Often such objects contain anonymous pages, such as those allocated
using malloc(). They are also used for certain persistent objects, such
as tmpfs or shared memory files.

From owner-freebsd-hackers@freebsd.org Wed Oct 7 16:45:27 2020
From: Kyle Evans
Date: Wed, 7 Oct 2020 11:45:16 -0500
Subject: Domain Patches
To: freebsd-net, FreeBSD Hackers

Hi,

I have a couple of domain patches in review, if anyone would like to
comment/review the area:

https://reviews.freebsd.org/D25062 adds a dom_probe callback so that
domains can indicate whether they should be supported at all or not.
This avoids some dirty stuff in domains that may not be supported
based on the hardware that's present (e.g. hvsock included in the
review, which shouldn't be available outside of HyperV). Instead of
having to account for circumstances like that in individual callbacks,
this is a single hammer to prevent any further reach into the domain.

D25062 also updates domain(9) to reflect some changes from the past 11
years (splitting initialization out into domain_init, dom_destroy
addition).

https://reviews.freebsd.org/D25459 should make it safe to add domains
after domainfinalize (i.e. they can be loadable at runtime). The big
issue with doing this previously is that pfslowtimo/pffasttimo have
already been setup and may be called on domains that aren't completely
initialized. There are some additional races re: socket creation that
should be addressed, but this review should be sufficient for at least
removing the warning.

Thanks,

Kyle Evans

From owner-freebsd-hackers@freebsd.org Wed Oct 7 16:49:26 2020
References: <20201007122452.GA92185@raichu>
In-Reply-To: <20201007122452.GA92185@raichu>
From: SHAMANTHA KRISHNA K G
Date: Wed, 7 Oct 2020 22:19:12 +0530
Subject: Re: swap vm object
To: Mark Johnston
Cc: freebsd-hackers@freebsd.org

Hello Mark,
Thank you very much for the heads up, may you please tell how it
differs from a default vm object.
Thanks in advance.
-Shamantha.

On Wed, 7 Oct 2020, 19:00 Mark Johnston, wrote:

> On Wed, Oct 07, 2020 at 01:28:34PM +0530, SHAMANTHA KRISHNA K G wrote:
> > Hello All ,
> >
> > What is a swap vm object in case of /proc//map ?
>
> It represents memory that is backed by the swap device. If the system
> is forced to reclaim memory from this object, it will first use the swap
> pager to write the pages' contents to a swap device. Then, a subsequent
> access can recover the data by paging in from the swap device.
>
> Often such objects contain anonymous pages, such as those allocated
> using malloc(). They are also used for certain persistent objects, such
> as tmpfs or shared memory files.
>

From owner-freebsd-hackers@freebsd.org Wed Oct 7 17:05:45 2020
Date: Wed, 7 Oct 2020 13:05:40 -0400
From: Mark Johnston
To: SHAMANTHA KRISHNA K G
Cc: freebsd-hackers@freebsd.org
Subject: Re: swap vm object
Message-ID: <20201007170540.GB92185@raichu>
References: <20201007122452.GA92185@raichu>

On Wed, Oct 07, 2020 at 10:19:12PM +0530, SHAMANTHA KRISHNA K G wrote:
> Hello Mark,
> Thank you very much for the heads up, may you please tell how it
> differs from a default vm object.

An OBJT_DEFAULT VM object is just a swap object for which the swap pager
holds no blocks. The first time that the system pages out from a default
object, it gets converted to a proper swap object; see the beginning of
swap_pager_putpages().

Default objects only exist as an optimization: certain operations on
default objects are cheaper because the kernel knows it can avoid
interrogating the swap pager. In many cases default objects are
short-lived and never undergo a pageout operation.

This optimization may be less important now than it used to be: r322913
replaced a global object+pindex->swap block hash table with per-object
trees mapping page indices to swap blocks.

> On Wed, 7 Oct 2020, 19:00 Mark Johnston, wrote:
>
> > On Wed, Oct 07, 2020 at 01:28:34PM +0530, SHAMANTHA KRISHNA K G wrote:
> > > Hello All ,
> > >
> > > What is a swap vm object in case of /proc//map ?
> >
> > It represents memory that is backed by the swap device. If the system
> > is forced to reclaim memory from this object, it will first use the swap
> > pager to write the pages' contents to a swap device. Then, a subsequent
> > access can recover the data by paging in from the swap device.
> >
> > Often such objects contain anonymous pages, such as those allocated
> > using malloc(). They are also used for certain persistent objects, such
> > as tmpfs or shared memory files.
> >

From owner-freebsd-hackers@freebsd.org Wed Oct 7 18:33:43 2020
From: Kyle Evans
Date: Wed, 7 Oct 2020 13:33:31 -0500
Subject: Re: Domain Patches
To: freebsd-net, FreeBSD Hackers

On Wed, Oct 7, 2020 at 11:45 AM Kyle Evans wrote:
>
> Hi,
>
> I have a couple of domain patches in review, if anyone would like to
> comment/review the area:
>
> https://reviews.freebsd.org/D25062 adds a dom_probe callback so that
> domains can indicate whether they should be supported at all or not.
> This avoids some dirty stuff in domains that may not be supported
> based on the hardware that's present (e.g. hvsock included in the
> review, which shouldn't be available outside of HyperV). Instead of
> having to account for circumstances like that in individual callbacks,
> this is a single hammer to prevent any further reach into the domain.
>
> D25062 also updates domain(9) to reflect some changes from the past 11
> years (splitting initialization out into domain_init, dom_destroy
> addition).
>
> https://reviews.freebsd.org/D25459 should make it safe to add domains
> after domainfinalize (i.e. they can be loadable at runtime). The big
> issue with doing this previously is that pfslowtimo/pffasttimo have
> already been setup and may be called on domains that aren't completely
> initialized. There are some additional races re: socket creation that
> should be addressed, but this review should be sufficient for at least
> removing the warning.

Add https://reviews.freebsd.org/D26709 to the list -- in D25459, mjg
suggested adding some lists with domains or protocols that actually
have {slow,fast}timo callbacks to avoid additional overhead from
branching+atomics in those callbacks.

Thanks, Kyle Evans From owner-freebsd-hackers@freebsd.org Wed Oct 7 19:11:17 2020 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 003074361ED for ; Wed, 7 Oct 2020 19:11:17 +0000 (UTC) (envelope-from jilles@stack.nl) Received: from mail04.stack.nl (blade.stack.nl [51.15.111.152]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "*.stack.nl", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C63pX0LLNz3ffN; Wed, 7 Oct 2020 19:11:15 +0000 (UTC) (envelope-from jilles@stack.nl) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail04.stack.nl (Postfix) with ESMTP id 1CBE837C; Wed, 7 Oct 2020 19:11:08 +0000 (UTC) Received: from mail04.stack.nl ([127.0.0.1]) by localhost (mail04.stack.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0o4kJl2Pod_t; Wed, 7 Oct 2020 19:11:05 +0000 (UTC) Received: from blade.stack.nl (blade.stack.nl [192.168.122.130]) by mail04.stack.nl (Postfix) with ESMTP id E08641F9; Wed, 7 Oct 2020 19:11:05 +0000 (UTC) Received: by blade.stack.nl (Postfix, from userid 1677) id B3C4C20787; Wed, 7 Oct 2020 21:11:05 +0200 (CEST) Date: Wed, 7 Oct 2020 21:11:05 +0200 From: Jilles Tjoelker To: Kyle Evans Cc: Yuri , Freebsd hackers list Subject: Re: Is it possible to exit the chroot(2) environment? 
Message-ID: <20201007191105.GA15802@stack.nl>
References: <9fa46833-63c2-a77f-98dd-111f6502dc74@rawbw.com>

On Sun, Sep 27, 2020 at 03:09:28PM -0500, Kyle Evans wrote:
> On Sun, Sep 27, 2020 at 3:04 PM Yuri wrote:
> > On 2020-09-27 12:56, Kyle Evans wrote:
> > > kern.chroot_allow_open_directories to some value that isn't 0 or 1.

> > It succeeds with kern.chroot_allow_open_directories=2.

> Ok, so Warner's proposal was correct and we've verified the semantics
> work out the same, this is simply a behavioral difference in that
> we're a little more strict -- presumably to make it less trivial to
> break out of a chroot.

> I suspect a default change for the sysctl/behavior is unlikely, your
> best bet to move forward is probably to work out if they really need
> to have dangling directories open and correct that if at all possible.

The kern.chroot_allow_open_directories sysctl is only a small speed
bump that mainly prevents accidental leaks of directory file
descriptors, since exchanging directory file descriptors via Unix
domain sockets is not prevented. That way, only the values 0 and 2 for
the sysctl seem to make sense.

Therefore, a workaround might be to stuff the file descriptor into a
Unix domain socket and close it. If people actually build software
that uses that workaround, changing the default for the sysctl may be
appropriate.

This kind of thing might help two collaborating chrooted processes
escape if there is a common directory (via nullfs or bind mounts) that
at least one of them can write to.

FreeBSD also maintains pwd_jdir for the first chroot ever done by a
process; therefore, chrooting and escaping again will not leave the
process's state unchanged, unless the process is already chrooted via,
for example, init_chroot or a jail.

-- 
Jilles Tjoelker

From owner-freebsd-hackers@freebsd.org Fri Oct 9 20:02:45 2020
From: FreeBSD Core Team Secretary
Reply-To: FreeBSD Core Team
Date: Sat, 10 Oct 2020 02:02:28 +0600
Subject: Core Team Office Hours 4
To: announce@freebsd.org
Message-Id: <40BD283C-24F8-44AC-9CDA-04E3FFD16247@freebsd.org>

Based on the continuity of our last CORE Office Hours, the FreeBSD CORE
Team would like to invite you all to a virtual town hall meeting. As
mentioned earlier this session is timed at 0200 UTC on 14th October,
2020 geared towards the other part of the World but everyone is welcome
to join.

See https://wiki.freebsd.org/OfficeHours for details on how to join
either a live stream to watch, or an interactive meeting to
participate. A link to this agenda (and any updates) will be there as
well.

We’ll be discussing the following topics and taking general questions
at the end. We’ll have a moderator who will help call on people in the
meeting to ask questions (or to offer comments) as well as relay
relevant questions from IRC.

a. Git Transition -- To raise awareness, Ed Maste and Warner Losh will
be giving a brief presentation about the state of the project’s
planned transition to git. They can answer a few questions here, but
are also planning an entire office hours on the git transition
(tentatively scheduled in two weeks).

b. Recruiting for project teams -- When a new core team takes over,
it’s a good time to assess the needs of each of the teams that we have
running different aspects of the project, such as administering our
machines and helping keep FreeBSD secure. One common theme is the need
for more help. We’ll discuss what teams there are, and make a
recruiting pitch and answer any questions.

c. Core TODO List publishing -- To continue the openness initiative,
the core team will start publishing our TODO list. This will be in
addition to the normal meeting minutes and other openness ideas. The
new core team would love to hear from the community how to improve our
communications.

d. General Questions -- Time permitting, the core team can answer any
other questions or concerns the community might have.

Thanks! We look forward to meeting you.

Regards,
Moin (bofh), with core-secretary@ hat on
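
For the chroot(2) thread above, where Jilles Tjoelker's reply describes kern.chroot_allow_open_directories as a guard against accidentally leaked directory descriptors: the C below is an added example, not code from the thread or from FreeBSD. It audits and closes a process's directory descriptors before chroot(2) and models the open-directory check as the FreeBSD chroot(2) manual page documents it; the function names and the 4096 scan cap are assumptions.

```c
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define FD_SCAN_LIMIT 4096	/* assumption: scan cap chosen for this example */

/* Count directory descriptors; with do_close set, close and count them. */
static int scan_directory_fds(int do_close)
{
	struct stat sb;
	long max = sysconf(_SC_OPEN_MAX);
	int n = 0;
	if (max < 0 || max > FD_SCAN_LIMIT)
		max = FD_SCAN_LIMIT;
	for (int fd = 0; fd < max; fd++)
		if (fstat(fd, &sb) == 0 && S_ISDIR(sb.st_mode) &&
		    (!do_close || close(fd) == 0))
			n++;
	return n;
}

int count_directory_fds(void) { return scan_directory_fds(0); }
int close_directory_fds(void) { return scan_directory_fds(1); }

/* The check as the FreeBSD chroot(2) manual describes it: 0 refuses on any open
 * directory, 1 (default) only if already chrooted, other values skip it. */
int chroot_refused(int sysctl_value, int already_chrooted, int open_dirs)
{
	if (open_dirs == 0)
		return 0;
	return sysctl_value == 0 || (sysctl_value == 1 && already_chrooted);
}

/* Enter newroot holding no directory handles. Descriptors received later
 * over a Unix domain socket are not covered by this. */
int enter_chroot(const char *newroot)
{
	close_directory_fds();
	return (chroot(newroot) == 0 && chdir("/") == 0) ? 0 : -1;
}

int main(void)
{
	int fd = open("/", O_RDONLY);	/* constructed leak: a directory handle */
	int found = count_directory_fds();
	printf("fd %d, %d directory fds, sysctl=0 refuses: %d, closed %d\n",
	    fd, found, chroot_refused(0, 0, found), close_directory_fds());
	return 0;
}
```

Calling enter_chroot() requires the privilege to chroot; the counting and closing functions run unprivileged.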