Message-ID: <4C894A56.7040109@elischer.org>
Date: Thu, 09 Sep 2010 13:57:58 -0700
From: Julian Elischer
To: "Luiz Gustavo S. Costa"
Cc: "Bjoern A. Zeeb", FreeBSD virtualization mailing list
Subject: Re: [patch] allow testing VIMAGE with pf in base system only

On 9/9/10 12:22 PM, Luiz Gustavo S. Costa wrote:
> Hi Bjoern,
>
> I just performed tests with your patch and it worked very well! Thanks
> for the patch ...
>
> But I found something that may be unsafe within the jail environment,
> I'm allowed to change /dev/pf, so that if I run a "pfctl -f
> /etc/pf.conf" inside the jail to do with that the rules are read
> again, killing pf.conf on the main environment

There is a version of pf in the wings that actually knows about jails.
This change is not to be confused with that.

>
> FreeBSD gugabsd.xxxx.com.br 8.1-STABLE FreeBSD 8.1-STABLE #1: Thu Sep
> 9 14:31:43 BRT 2010
> root@gugabsd.xxxx.com.br:/usr/obj/usr/src/sys/GENERIC i386
>
> Thanks
>
> 2010/9/7 Bjoern A. Zeeb:
>> Hey,
>>
>> in a way to work on something I needed to be able to at least load pf
>> on my VIMAGE development machine. So I quickly hacked together a
>> patch that does exactly that. I hope it'll apply to HEAD or stable/8
>> but I didn't test on either.
>>
>> This will NOT allow you to use pf with jails+vnet but should allow
>> using pf in the base system even if VIMAGE is enabled. In case it
>> still panics for you, let me know and include a backtrace in your
>> report.
>>
>> http://people.freebsd.org/~bz/20100907-01-pf-vnet0.diff
>>
>> /bz
>>
>> --
>> Bjoern A. Zeeb Welcome a new stage of life.