From owner-svn-src-projects@freebsd.org Thu Jul 26 13:20:43 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 47C32104EE4D for ; Thu, 26 Jul 2018 13:20:43 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A4A2F8E650 for ; Thu, 26 Jul 2018 13:20:42 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-wm0-x22b.google.com with SMTP id l2-v6so2120174wme.1 for ; Thu, 26 Jul 2018 06:20:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=QBoX6uiEpR46kaGF7fOtHTUHSKM/13GobL77bFjug0Q=; b=N/ilmvuYIusBLsqLcOwm9d5VDgNJAnwIYnXGj26PgapgfZ+J9D0u5rfZV6dNtaBBvg MhfCOKO+Xj+/coQkxC3xuR4NnZlvpXdrimsOTsXVZeEfzFrhwPs4kk4IDzShOIqtLmAJ 5/xNMYN5PdVy85i6k5sL0weH7ptMFpDskEFcwUBw8E7q6qO0zd9knp9OJuS4CX8NpLWq JonWO0vMxrM8YEd5CufachOEDt7d3gsSV74rQ6S43cdCogjdkq0dd1vZNUDHAWitkW1c L7vk4hamdQURwZyvL3DotTaVhvWTN2tRjPno7WpxO+DUoSeHZ/XcOAd8Z50Otxd8qhbC K4TA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=QBoX6uiEpR46kaGF7fOtHTUHSKM/13GobL77bFjug0Q=; b=tVVW2rHF4gDMIC42l+1lMwxx1HLfhrz/soeO73NYb94tjz0Bj15gUKP9/ezNdnIshY CHjfvfhXJFpfKL0rCHSxTKwI6ksjVdggRmRJHsey/6qNfJQskRwRQwEWWyb42NhNTSsk /3PLqW/46Hvk+1giJjfladiZhm7Wyfvw1y+dmtwbyVg9R6T1tRG2/r4X6lk8QUGe+fb6 +eISjXFCSeHkbK2vWgQ+FrvDoM8x5+sUmnc4azKJhEjuH+B7mG7Sxqw6ixkm+G2ZDm3R UlJrDJUY24v7KvFMtBVcLqCyNRHxydLX7MWBmkYoxyWEOveMvw7VjGYvGUEvXAW14B/i 1hZQ== X-Gm-Message-State: AOUpUlEWlKIYlQeienhVeVsClhpAARpzfkK+FZev+yu+T64QRl4Ro/gI rR8OfGYzQZGqkQwZiepBpCvmVzFbQ2M1IA== X-Google-Smtp-Source: AAOMgpcTxwdOKoocy3rM8OTNG2JGWk4qbBBV07fHGhHIX2DmAcRVZuy2nmiOHL1AS6pgQdcb82cqrg== X-Received: by 2002:a1c:d892:: with SMTP id p140-v6mr1682141wmg.76.1532611240817; Thu, 26 Jul 2018 06:20:40 -0700 (PDT) Received: from mutt-hbsd ([185.220.102.7]) by smtp.gmail.com with ESMTPSA id a20-v6sm1886773wmg.23.2018.07.26.06.20.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 Jul 2018 06:20:39 -0700 (PDT) Date: Thu, 26 Jul 2018 09:19:59 -0400 From: Shawn Webb To: Kyle Evans Cc: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: Re: svn commit: r336731 - projects/bectl/sbin/bectl Message-ID: <20180726131959.qplqj62fkjzcfyid@mutt-hbsd> References: <201807260407.w6Q47biK033951@repo.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ybmzvme6yy3n3dvl" Content-Disposition: inline In-Reply-To: <201807260407.w6Q47biK033951@repo.freebsd.org> X-Operating-System: FreeBSD mutt-hbsd 12.0-CURRENT FreeBSD 12.0-CURRENT X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: NeoMutt/20180622 X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2018 13:20:43 -0000 --ybmzvme6yy3n3dvl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 26, 2018 at 04:07:37AM +0000, Kyle Evans wrote: > Author: kevans > Date: Thu Jul 26 04:07:36 2018 > New Revision: 336731 > URL: https://svnweb.freebsd.org/changeset/base/336731 >=20 > Log: > bectl(8): Redo jail using jail(3) API > =20 > The jail is created with allow.mount, allow.mount.devfs, and > enforce_statfs=3D1. Upon creation, we immediately attach, chdir to "/",= and > drop the user into a shell inside the jail. > =20 > The default IP for this is arbitrarily 10.20.30.40. It seems this would only allow working in a single jailed BE at a time, correct? Thanks, --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 Tor+XMPP+OTR: lattera@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --ybmzvme6yy3n3dvl Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAltZynsACgkQaoRlj1JF bu5mNQ//YBFVq38LArHQyP9d+eRldaZZV/U5JpTRNlPK0cy1hroXvJ+7BBpPPGws lODGHEOKpYTwv6mQbBXsgH+IVogGIW0q0Je7OKJs3V6RF0J893Wy+H30K3kNCZY2 m6qf+XI5L2EOCOXmghKktBbUcNWp+VPcp8oZUARmrW2x1kCBB3z53jDO3iyJYb3q EgXpqTpUXQbWZQSmHgTOfhIQms8FcVQ5rEEWdm2CAYXs8kUWRMd8/GxqYsbWddpK sXfva8/4lPqEdAW+7IPnZGOz7JCYeXlc0y0zRUlU9xGEa9O5wZ7NcF4XJiS0IDhc vd9wMhyNhswa4NwZ657OGUPxTxBoD86PybnojGg9dZK3mIxWq+bNoDnlGi6w8I60 BlnckQFBXyi3rB3P6v4+ZPetd2yUz/M4020EnzVxeDH3yyj8IlnchDBd+aHGuYoW nEXoPzm4PMY4FdTVt7cw3x2h6zYDLzr3RsUaZVJ8+WKsFiwPyYzrbRVo/XhMhv+o F6bB8Wnx6JKXk0AsLUopBJZrWvqGneWj21vcbqZ2nK44sQqHxpu0c7MT2deWSiS7 n6KLyGFDKyO1etUKnG/sfPcctoqP9NKB3+t6iG7JDC6MuHXydYWUzXZyUfq1Cy4b ivJ+3g+M+oQaUCROdXwax6SHDMs8Tgg8E+IW8umOTgZ6BwNzYfM= =mdbt -----END PGP SIGNATURE----- --ybmzvme6yy3n3dvl--