From owner-svn-src-projects@freebsd.org Thu Jul 26 13:32:49 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A032104F4C4 for ; Thu, 26 Jul 2018 13:32:49 +0000 (UTC) (envelope-from freebsd@pdx.rh.CN85.dnsmgr.net) Received: from pdx.rh.CN85.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EC8F28F025; Thu, 26 Jul 2018 13:32:48 +0000 (UTC) (envelope-from freebsd@pdx.rh.CN85.dnsmgr.net) Received: from pdx.rh.CN85.dnsmgr.net (localhost [127.0.0.1]) by pdx.rh.CN85.dnsmgr.net (8.13.3/8.13.3) with ESMTP id w6QDWdkK045746; Thu, 26 Jul 2018 06:32:39 -0700 (PDT) (envelope-from freebsd@pdx.rh.CN85.dnsmgr.net) Received: (from freebsd@localhost) by pdx.rh.CN85.dnsmgr.net (8.13.3/8.13.3/Submit) id w6QDWdQI045745; Thu, 26 Jul 2018 06:32:39 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <201807261332.w6QDWdQI045745@pdx.rh.CN85.dnsmgr.net> Subject: Re: svn commit: r336731 - projects/bectl/sbin/bectl In-Reply-To: <20180726131959.qplqj62fkjzcfyid@mutt-hbsd> To: Shawn Webb Date: Thu, 26 Jul 2018 06:32:39 -0700 (PDT) CC: Kyle Evans , src-committers@freebsd.org, svn-src-projects@freebsd.org Reply-To: rgrimes@freebsd.org X-Mailer: ELM [version 2.4ME+ PL121h (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2018 13:32:49 -0000 -- Start of PGP signed section. > On Thu, Jul 26, 2018 at 04:07:37AM +0000, Kyle Evans wrote: > > Author: kevans > > Date: Thu Jul 26 04:07:36 2018 > > New Revision: 336731 > > URL: https://svnweb.freebsd.org/changeset/base/336731 > > > > Log: > > bectl(8): Redo jail using jail(3) API > > > > The jail is created with allow.mount, allow.mount.devfs, and > > enforce_statfs=1. Upon creation, we immediately attach, chdir to "/", and > > drop the user into a shell inside the jail. > > > > The default IP for this is arbitrarily 10.20.30.40. > > It seems this would only allow working in a single jailed BE at a > time, correct? Also it is just bad practice to use arbitrary IP's from rfc1918 space. IMHO it would be better to pick a rfc3927 link local address, or one of the rfc5737 test network addresses. Please see RFC5735 page 6, table in section 4, no place in FreeBSD base system should we be shipping stuff that uses rfc1918, that is private space that does not belong to the OS. > Thanks, > Shawn Webb Regards, -- Rod Grimes rgrimes@freebsd.org