From nobody Wed Aug 16 15:58:35 2023 X-Original-To: jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RQt8r1VJxz4qnlL for ; Wed, 16 Aug 2023 15:58:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RQt8q4vVZz3GgM for ; Wed, 16 Aug 2023 15:58:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1692201515; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=443C4EWvjJMGDMs00Kuh1l+D0Csu2OI0EIYRXxlEWwE=; b=bfG+YJU0cIW3/6gZi4Smvd6QWliztrlAD/qo28ARx9q7+4EYfIUdLdHhy81aJqSeRtsmmW Zj9dOBY/TOJ9WXy+9hRCXF+BlYY3KiD39AP4OCNBWNtc02h+0mA48U97HIZH9NBy7QrKh6 oAf1rAWWdDBnN3HyuSSPmeFuAPIOnmCdjJXDPSIccX29PcNX2H97BuhjCpAYOw0sXH+F45 7rURLaZv7zKRe2DLw+E20D8anXIRdLJ+V7tiwfnLkOmju6DFUCdbVVUtvxC6FZZ09Gdt8o H0dhdSwzkwpZ586x2NgHYghYuWgwuzHDrNFq3bq47TMMGTBu1QEd+GMrKDclTQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1692201515; a=rsa-sha256; cv=none; b=l5s7h4PjLV82kgC9C3gGIhJn4hFUinWe2ePgo8QEzXj5mbeODyBiiNZrIsMiZ09aBdW3u4 CaYpXHVZOOvJNQZh48BxhvzlgbgFFhlCdqAGyGYYNxoJVkOWLSQQZzRUwjKblOio+9DyRY IdaiPiH2LsOeVCz2lAIOSgEW0lvQFlxgdY92ifeFEFzuYo7IxPR+/SrnkeQfl9PtKCf3ti L7q/s9zH9vtiB/YZrgbEWL08IIznzIf4YPmu5J8Cb8O9WGPHVlUUtjAUis6umnqbRTijtB HrE5NJjQLBFwkQ/88xNSB5z+sQjRzizRepFeJdb+UPLlyAAzjLjpVGzgw6D+WQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RQt8q3v9HzxfZ for ; Wed, 16 Aug 2023 15:58:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 37GFwZFJ077618 for ; Wed, 16 Aug 2023 15:58:35 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 37GFwZSF077617 for jail@FreeBSD.org; Wed, 16 Aug 2023 15:58:35 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 271069] syslogd service inside client jail requires restart before server jail receives logs Date: Wed, 16 Aug 2023 15:58:35 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 13.2-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: jamie@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271069 Jamie Gritton changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jamie@FreeBSD.org --- Comment #9 from Jamie Gritton --- I wouldn't want to change SIOCAIFADDR or /sbin/ifconfig, because adding a l= ot of IPv6 addresses (which with that address space could easily happen) could= end up taking a long time. The proper order is to set all the addresses, and t= hen sleep once. I might need to fix this inside of jail(8). There's a sleep in /etc/rc.d/n= etif to handle just this situation, but the alias address setting is done within jail itself. It would be a similar strategy, set all the addresses, and th= en sleep once (if any were IPv6). --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Thu Sep 14 14:48:17 2023 X-Original-To: jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RmgDK5qfMz4sXYs for ; Thu, 14 Sep 2023 14:48:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RmgDK3Xbgz4SYD for ; Thu, 14 Sep 2023 14:48:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694702897; a=rsa-sha256; cv=none; b=VbQvxQfQ8I3wXz7ePsz3YH+SEJWxcEIVmG1bNpm7HFp8n+rE+ljNLcIG8o43Ipp1O1NDET iJvol8xdbifvvO7mIqjvOLVXrjpTs1/G8CDsSenoGlQMivWQT8OnZwT28s+X5sbihDR50g QXQ+vvwmXd/Zz7nKL3uQkZJ7K/PLHeiepBiBkmMHyRh/zYLOUGpR8NYjv4ZxmQUfbHSnJb 7pg06QA2OgAP1k17ouzAegjcyiBNaM0qJfqG+1bX2LXJ3FUQuzIFcBgf/N6+oVeU9Phacb 2thJ/ILqL1Lt1mAYQxbM1qFNoPxOfovE/12G9iR3Vk615+iujpmuo6sGjgy/lw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694702897; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=X/Hvil3/sX+Jzu+i2q4MMQY/lEsjfuxxR0vWUhCTgRw=; b=DqLgRT/AAVpvmRIaXs9Uke3cU+UB6R426P+e+F850h0tWrdkaRqqMejcKcikd4F4Fa7iu3 +Z70S+lflILka+gRC1oBbJnvplSYDn9lk01BdAfeVDoa7UHvwIQIzCW4Mj+5cMsjPsS/hX bDZY3kXo0kKjLq6hOtMZqOW4P1xvfyiO9ch7gVuakeDDm62pNr1Nz8ootgkNLAyhUGZhks kTP+77z3gvIOWsCQPPCY21iSYnAcj23spXhvbsMlSEs+9fGyyWybhTP2mMuTDQU/SUVZk9 Wr4TZzptR5BISnPy0LEJ4dDZM+1uQHg1O4IimZJc28h59t/5IT+hJolvtlnGSA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RmgDK2VVLz10x1 for ; Thu, 14 Sep 2023 14:48:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 38EEmHcG018006 for ; Thu, 14 Sep 2023 14:48:17 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 38EEmHLY018004 for jail@FreeBSD.org; Thu, 14 Sep 2023 14:48:17 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 259149] mac_portacl not in affect when running VNET jail Date: Thu, 14 Sep 2023 14:48:17 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: freebsd@igalic.co X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status assigned_to cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259149 Mina Gali=C4=87 changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Open Assignee|bugs@FreeBSD.org |jail@FreeBSD.org CC| |freebsd@igalic.co --- Comment #2 from Mina Gali=C4=87 --- assigning to jail@ for now, maybe someone there can make sense of this --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Thu Sep 14 15:29:30 2023 X-Original-To: jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rmh7t6rjnz4sjQm for ; Thu, 14 Sep 2023 15:29:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Rmh7t5rRQz3CNf for ; Thu, 14 Sep 2023 15:29:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694705370; a=rsa-sha256; cv=none; b=bVRmzf+rFa3GLXDuY+DYVtjIIyuqxOedL1/qfWduTqjYJYI89pHMuIrUKn/xGLYeULlcBt 2yXVi7ev098d97qz1MZ9XJSLDzj8A9atpwFyX/Zqn0rR6UMkBsMj/zTF6YCgCp0I5S2Nlj wyvkWp6CGh38PLOlnZhKeoc5dLQqPOQvRk2/nCFr083wf8CFcnaugfZG+a/2AYaYvM8m+T wtp+Omur7LT1aruL2F/N+AGeTIMpmL6N3YY1mqM5ORoxTP0n/8QrUS9QTRG36L8JKGu0Jd HqqX96N045put0WegjxD8nKhlla9RzxWg7Szaln8KCg/3ldmfVpLKnBIbXJNDw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694705370; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Gkle1GgaC1Gd2g7XOZzxOJzKcX0/RVQNIlKXWpWJw0U=; b=JsmhYZ/15hSjrdjhWUSUL9g+fCXsBwYGeUqpZ4WQaszQJ3vsuBlNV9aBSLJeCu2O+wWoxc +J7fKYUnaQuLRuZK5f/06s/Hg85hJddGiFlNFz6P118x2NBXXC4f4rQAmCH88gsTqFY9KG qhg5d/e/JRPxdHukHnBU1JeZOXPQjaMVoCk7jcVWKjyKDKhz6FEKWZgwBCahMAemmBjt9m gtJPB0X6yGaErWPXJatTNw//SyaPMXY/1x+Gfdg4xKHUWDTsAurbqOYWkZ+60cR+WSovfz ud334TzBx8Qz4C/jzyDCWyk9M2rUnOmoHxO3NziXR4o/Q1ohTKBjHWO2v/kUUA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Rmh7t4p60z12CG for ; Thu, 14 Sep 2023 15:29:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 38EFTU9B078456 for ; Thu, 14 Sep 2023 15:29:30 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 38EFTU32078455 for jail@FreeBSD.org; Thu, 14 Sep 2023 15:29:30 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 259149] mac_portacl not in affect when running VNET jail Date: Thu, 14 Sep 2023 15:29:30 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: tom@hur.st X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259149 Thomas Hurst changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tom@hur.st --- Comment #3 from Thomas Hurst --- Investigating this finds 'net.inet.ip.portrange.reservedhigh=3D1023' within= a vnet jail, so mac_portacl doesn't get a chance to do anything. As on the host this needs to be set to 0 to allow mac_portacl to operate, though to change this I had to drop the initial jail securelevel. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Sep 16 02:21:23 2023 X-Original-To: jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RnZYb6GvFz4tTf9 for ; Sat, 16 Sep 2023 02:21:23 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RnZYb3Bbxz4FKb for ; Sat, 16 Sep 2023 02:21:23 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694830883; a=rsa-sha256; cv=none; b=WXctqfjX6uOEFT4F0WYXzmZdGnOrXQ6MeM0IRgEkNFYGxCiYu/a75+ZyZu3cmuSYEPha6T IY95khA9oG4VMYVgv+Gc6b6wq/GZMvHVg3HLVcfddJMpxcQ0tQxVjHlAyFchkXY1TOtjpI pp+yCcCnuwB5KwRSgLl839cgfJelmA3S5AXQOBAA/0b8BMCbSfGp0pcA+5m9Zrl/BLZrAD 3keS4dI47KAEVD9uBUYhyvZ6NO9xotN4z3tqQ5danapBipPBU7ZozjXatfxDdO9qh6nmnv GfwYyxETk3PdE1RSc5ftMFYiWdDgYJYR+nPYm/dwI/IqfZnfghbx4K3NcwHlSw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694830883; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7VYzJsNE3Frb8jo+C6+Uis6KBrxtKZsF+qX50nqIaGA=; b=nEOsJNupRlaC7fOyKnRo6ioFHAM6DUmA01D6FTcROis5+gIq34SUtkckdeI922FsmZDOqy vZP51dtV573083rDjpeCp8E6kHYioV/eCNsyIM9uHTDjZsSZNTwS2h+GQaXChWyPl1Bju1 e+L7u8r6Ttqy1iytfT07Jnnx5TxPJh2pmWUFkFiuBUdB6aaUxst7Ed6Kvlo/hMJY6ewxOX rOXLNjYCVhFhpw8G2Hg/JJfw0gZWhbJDhPfcbbYprTESeW4cbbCk1z+JqFq3kGAgT2EFz0 wRBlkRs4/I0VkL+2XLEolPYR8eGXtxIoZ6PE8EVUki89UxTXcjAizyTTrfypJA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RnZYb2BMGzp5H for ; Sat, 16 Sep 2023 02:21:23 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 38G2LNE5005227 for ; Sat, 16 Sep 2023 02:21:23 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 38G2LNKF005226 for jail@FreeBSD.org; Sat, 16 Sep 2023 02:21:23 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 259149] mac_portacl not in affect when running VNET jail Date: Sat, 16 Sep 2023 02:21:23 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: zlei@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259149 Zhenlei Huang changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zlei@FreeBSD.org --- Comment #4 from Zhenlei Huang --- (In reply to Thomas Hurst from comment #3) > Investigating this finds 'net.inet.ip.portrange.reservedhigh=3D1023' with= in a > vnet jail, so mac_portacl doesn't get a chance to do anything. The sysctl variable `net.inet.ip.portrange.reservedhigh` is a per-vnet one.= So it is default to 1023 for vnet jail. That is expected. ``` /* * Reserved ports accessible only to root. There are significant * security considerations that must be accounted for when changing these, * but the security benefits can be great. Please be careful. */ VNET_DEFINE(int, ipport_reservedhigh) =3D IPPORT_RESERVED - 1; /* 1023 */ VNET_DEFINE(int, ipport_reservedlow); SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedhigh, CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_SECURE, &VNET_NAME(ipport_reservedhigh), 0, ""); ``` > As on the host this needs to be set to 0 to allow mac_portacl to operate, > though to change this I had to drop the initial jail securelevel. Tree indeed. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Sep 16 02:23:01 2023 X-Original-To: jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RnZbV1dzxz4tVC4 for ; Sat, 16 Sep 2023 02:23:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RnZbV0Y2fz4FTY for ; Sat, 16 Sep 2023 02:23:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694830982; a=rsa-sha256; cv=none; b=FRkPOnBum3W+wKmDx/GbYJyFmI9UeBg1FeXw20e96ALhouz3QPGpxEMVi0dTlgnyElXEB0 c/1OWCIccyYc+mPQw3/Z2jDo0+CmbaHL7wslHGEpY/SbizakrAvtWaAajAvb+IjTX1DmRk qHFqv7MNvYrkwQXy/ZfKMmcbnQq3k99gQ4fx73Nfdkuw4KNZUTN7e9F4IPRkOncM3i5862 T8libho6WK9wJUtsKM4ImTTBw2aOLT+QtVtN6CY7z0r0enNvkAO1wCnd3WekWX25ug8Y19 WOExRWE7HL34z6sjD2gzLu92t35+Z7sWfsfExtaH6rQjLtoaGTx6SkYY1N8U8g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694830982; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=n5rzuTsM0l0JZeQs+6KsJ2ACgCWOtSavWGAzXQROx+Y=; b=KzM6DpDnYL3c9/10MaykoSnS6dI4S2N8X/FcAdIc7Z7oQXMo670Uhzo+tTWYV9aVRg+LN7 eYogEZ5DAxQYlJtJwEinyPgJpX+Fq319ozrtf8r8OPeKkXvHGeBwgsrOsCvS/eDYhCcl/V IC85XMnIOgjgmf54PSpz3ci9EWMMo1tj3kKu/w4NWomd7rg2D9a7vO2Qro7M0j6LrVQiZ3 460yy5VkFqxmjgTlrdH8TnsZ8aLVPXAZdGdVymjZFj2VwrgSbJTtTobxWkn0tH3smwKVBn 2/8cdaoJVSU7V/Aw1LyxEANM5I4vU3VZLlhk1mWtFJia84D/qoe7T75OK0vtOA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RnZbT6dGzzpQh for ; Sat, 16 Sep 2023 02:23:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 38G2N1LW010946 for ; Sat, 16 Sep 2023 02:23:01 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 38G2N1ds010945 for jail@FreeBSD.org; Sat, 16 Sep 2023 02:23:01 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 259149] mac_portacl not in affect when running VNET jail Date: Sat, 16 Sep 2023 02:23:01 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: zlei@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259149 --- Comment #5 from Zhenlei Huang --- (In reply to Zhenlei Huang from comment #4) > Tree indeed. Sorry for the typo :( It was `True indeed`. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Sep 16 02:36:04 2023 X-Original-To: jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RnZtY1z8Dz4tXrP for ; Sat, 16 Sep 2023 02:36:05 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RnZtX52pWz4H6P for ; Sat, 16 Sep 2023 02:36:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694831764; a=rsa-sha256; cv=none; b=TZWU3vBNHeeURU70YiqnJ+YmxvxsbK/DZjD2qMSXkbCHxaNaHWXMszORXBJgMEz78Tj7O9 0xqefKP0aG/lS34Px55fvfJjAS0d2mgBb4JJAWySLD8nKoS3mR0kTXL1q4Z7rZgx+KW2sA CusiAQYK33bGYy9LimpJnl2tRr7LYKj1AYTkyLTjfLbxjiomoLkRuMKgBkz5imvsY2pJ3g 46GAU2D92GXT6NcQ/Pu3H2J9mIdrEOH6fxd76CRgBL8h4dlbyd7muAw+9keq+4DOV3Hoew SAfyqg1/GcisTkghTPg3/4tS6La+0WMZQUKLfF+ZyQ48zYVIGf2EdWAnpFtHVA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694831764; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=di3P0ZkUtjloYgoAdVVDzmbsYyt13zobseni50yUEac=; b=plM6Mkdhu3j18mQKuOCQXIiTIAPDwxWM0Rk4J2iK6KOF8ZwsUYPZVn95JEdYDB2e58n0ms t4sTG7L2R/J9fN8BKZ5qdK+XPWTE+pcJtHdcF1nHrO56UDJOeDtsi/mSd3XZzRBUQ2kptO g3mn6ZDSIF4wyj8LjitQf9+3skVJJbpqB9F6fMf2DrlG7GL20jxMvv8vdhowrtC53CDEXN tFChbMGurIewCI1OjEmJl8CAKM5mYDaTnp0PZr5BrCPiKIK604gL/vmRxm0D34c0Gjwvyz jpiZq9pJiO0tD0JeCbN6OopdZJtAqsRNfrCmdku9ArOF2WkKleO9YPdpAqLExA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RnZtX417WzpVs for ; Sat, 16 Sep 2023 02:36:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 38G2a4pd026344 for ; Sat, 16 Sep 2023 02:36:04 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 38G2a4hB026343 for jail@FreeBSD.org; Sat, 16 Sep 2023 02:36:04 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 259149] mac_portacl not in affect when running VNET jail Date: Sat, 16 Sep 2023 02:36:04 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: zlei@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259149 --- Comment #6 from Zhenlei Huang --- (In reply to uros from comment #1) > Anyone have any idea what could be checked here? For vnet jails, adjust vnet sysctl `net.inet.ip.portrange.reservedhigh` appropriately. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Sep 16 02:43:26 2023 X-Original-To: jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rnb322LKSz4tZtx for ; Sat, 16 Sep 2023 02:43:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Rnb320sl7z4JgY for ; Sat, 16 Sep 2023 02:43:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694832206; a=rsa-sha256; cv=none; b=Cq85yI3pTqO5uaY2ip4/Wa+t/4JcoSwJA+7hgZABa7BSaKDlI155yNahzMzMKOY4GYw+Gb V88WqKzZoAQYo/BWg8a/oZ2xtyRMlG2d/mkaIu4li5xnhZBxOtneHt3VWTkubhJ+hydl26 kGNGvQiMN7J12ijYKPAMEbuGnx/V/BKiTM6jpTe0IMn7uX9sGYyHO5FGOcIxnOQqNV0s2i hXLuHcApD5HKtOepG/KiNVNb9tsDyWaEvawX2KX1Pmu6CE2yD8UfiuorXaEld2XV1Cb4Vb bz+6mzvOCHM+YjTpsyrfByNrJHP4aCUr4b/EoXVhV6/52uiuCE+4WM6eSm8XsA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694832206; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TO9VbH1qv43H+tCXDvKZJHSKTu/roBUe5eIBtpq1xDc=; b=lbDy5lF7dzw7GhNi/a3YFJn4KIoRVkBWWYB6tHe0Q88uT5gVnJ6Ht/3exomYi7Lrih9gJC SxNCBvZYfF0L9vjbsqg/DQ0WR6MibbiVLdFR724TPSve9kC3y/Tgl/04Iu/yzIk/zUaCFZ 8SmFJ9DcZvqOrBBCVhhIN6EAvhdYDThGG1GuJZ8a0wW07ctXcKapi/opxDrEuP2NK8IFyq Kk2heqsOtn9MTJx9vAEzS3Z6EOaeT5eRZc5dZfTgKoedgXeBS7bxJbBuPMbCzRVkNXLQUF c/dAkXVYvGfod/+gwrdJl/7/2W0BbuNreBCC9g332ZnrqeBuxejNT8KRnORbSw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Rnb3173wjzpTC for ; Sat, 16 Sep 2023 02:43:25 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 38G2hPMf037750 for ; Sat, 16 Sep 2023 02:43:25 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 38G2hPSh037749 for jail@FreeBSD.org; Sat, 16 Sep 2023 02:43:25 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 259149] mac_portacl not in affect when running VNET jail Date: Sat, 16 Sep 2023 02:43:26 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: zlei@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: Works As Intended X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259149 Zhenlei Huang changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Open |Closed Resolution|--- |Works As Intended --- Comment #7 from Zhenlei Huang --- Close as that is expected behavior. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Sep 16 11:30:47 2023 X-Original-To: jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RnplX33Wdz4tPD2 for ; Sat, 16 Sep 2023 11:30:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RnplW3wWdz3NNb for ; Sat, 16 Sep 2023 11:30:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694863847; a=rsa-sha256; cv=none; b=gqKbAB6HPIRjDhXIpY2ngXjpQnt0qYwFyh1FYza94Nhe12bZH5AqSW8R2tPxyckFDg9JmG uuP491TQYOaiurC6nbPOA8BiDRijeUQyoSsrPf8s9nsVT/gDms2U/hTpRaduWs2WKUrwN0 H9PcxeDoB4c8Dl0QfisDxaFc5ndr07eQVcguEa3ABTLTaSaYrL1NMTJ1lBjLnJjZ3na+T7 yhRvyF1Gjj2VUHyfaWcSiFJOva7JJH34r5/iZuHnG4WyQxZQDcvV6vnGedmRy/g9J5G9+b riPxQCGZgm8+O+robH4Pviap0RnjyrmDPzQQDgjCdA0lrEcfccIjBhk9CRvFJw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694863847; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3ip9tu+f9nD0cEDDiGDp4FUZWDiQ7JIgh/a75XJ/Tls=; b=Lj3gxDjYDAGowOASmFVvr5EACCcwF29aS2jETPQK25Om5ClN3f3uLeDdzxMRBeBdEQZ2Tx /crJFvWxQURTXG7Wti2f1Y9YC40AengMgWZGyCLywBZKJ0MZBKKz/2mfDh6QjCDfyyXIOT 1iTPZPkRyktOd1ZLtNiytnfHZjbnZVp24ssuDUWeTV6/LtEebwFKi09Mihn2dBixJg943h 2Wh0DWpgdyrDduyJII54ntW6zeORtPut0SQTSTLtgaKx/8h4OcNNoTpYitqqfjZ0NHfUYE p/2U2KmzEOUOPPEebsqNXeBXIPU00eqYt1miczPmrqVj6YYJLn1bZ75ujhdrxQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RnplW2zwWz14fK for ; Sat, 16 Sep 2023 11:30:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 38GBUl4Q014983 for ; Sat, 16 Sep 2023 11:30:47 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 38GBUltw014982 for jail@FreeBSD.org; Sat, 16 Sep 2023 11:30:47 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 259149] mac_portacl not in affect when running VNET jail Date: Sat, 16 Sep 2023 11:30:47 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: tom@hur.st X-Bugzilla-Status: Closed X-Bugzilla-Resolution: Works As Intended X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259149 --- Comment #8 from Thomas Hurst --- A small note in mac_portacl(4) that the reservedlow/high oids are per-vnet = - in contrast with the global mac_portacl policy - would probably have made all = the difference here. --=20 You are receiving this mail because: You are the assignee for the bug.=